
Re: Enabling internal connections to transparently connect via external IP address

To: Chris Willis <chris@castellan.net>
Subject: Re: Enabling internal connections to transparently connect via external IP address
From: Robby Workman <netfilter@rlworkman.net>
Date: Thu, 31 May 2007 19:09:30 -0500
Cc: "'netfilter@lists.netfilter.org'" <netfilter@lists.netfilter.org>
Chris Willis wrote:
> Environment:
> Windows XP laptop machine, part of domain acme.int, IP 192.168.1.150
> Windows 2003 Server running Exchange 2003 (exchange.acme.int, 192.168.1.10)
> External Domain: acme.com (T1 line, firewall external IP & MX record 
> mail.acme.com 60.60.60.60)
> Firewall: PC running Fedora Core 6, IPTables, using FWBuilder to create a 
> ruleset, 2 NICs (eth0 192.168.1.1, eth1 60.60.60.60)
> 
> Problem: when a laptop user (works in office and remotely) goes to 
> https://mail.acme.com, it works fine from the outside, but not from the 
> inside.
> 
> Goal: when an internal (192.168.1.X) client goes to https://mail.acme.com, 
> the firewall should accept the packets, route them to the exchange box, and 
> then route return packets back to the client.
> 
> This works just fine on a netscreen firewall I tested with at the client site 
> (same IP addresses as the Linux box above).


There's the "dirty" way (IMHO):
http://iptables-tutorial.frozentux.net/chunkyhtml/x4033.html

There's the cleaner way (IMHO):
Have your DNS server set up to serve internal clients the internal
address of mail.acme.com.

RW
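For the "dirty" hairpin-NAT route, this is an added example (not Robby's reply code, and not the tutorial's own script) using the addresses and interface names from Chris's post; the APPLY=1 switch is an assumption of this script, and it assumes the firewall already forwards and masquerades for the LAN.

```shell
#!/bin/sh
# Hairpin ("NAT loopback") rules so a LAN client reaching 60.60.60.60:443
# is steered to the internal Exchange box. Values are from the original post.
LAN_IF=eth0
LAN_NET=192.168.1.0/24
LAN_GW=192.168.1.1        # firewall's eth0 address
EXT_IP=60.60.60.60        # mail.acme.com, the public address
MAIL_INT=192.168.1.10     # exchange.acme.int
PORT=443

# Emit the rules as text so they can be reviewed before being applied.
hairpin_rules() {
    # 1) DNAT: LAN client -> 60.60.60.60:443 is rewritten to -> 192.168.1.10:443
    printf '%s\n' "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $MAIL_INT"
    # 2) SNAT, limited to the hairpinned flow only: Exchange must answer the firewall,
    #    otherwise it replies straight to the client on the same LAN and the client
    #    drops a reply from 192.168.1.10 to a connection it opened to 60.60.60.60.
    printf '%s\n' "iptables -t nat -A POSTROUTING -s $LAN_NET -d $MAIL_INT -p tcp --dport $PORT -j SNAT --to-source $LAN_GW"
    # 3) Filter table: allow the forwarded flow in both directions (in and out on eth0).
    printf '%s\n' "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $MAIL_INT -p tcp --dport $PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    printf '%s\n' "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $MAIL_INT -d $LAN_NET -p tcp --sport $PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Default is a dry run that prints the rules; APPLY=1 (this script's own switch) runs them.
if [ "${APPLY:-0}" = 1 ]; then
    hairpin_rules | sh
else
    hairpin_rules
fi
```

The SNAT in step 2 is what makes this the "dirty" option: Exchange logs every hairpinned client as 192.168.1.1, so internal client addresses are lost, whereas serving the internal address from DNS keeps them intact.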

