Hi,

I have a RedHat 7.2 box configured as a firewall with IP masquerading. The setup is rather basic: DSL ROUTER <-> FIREWALL <-> SWITCH <-> (WEBSERVER, INTERNAL MACHINE 1, INTERNAL MACHINE 2, ETC) and for the most part works fine. External machines are able to access the webserver through the firewall, and internal machines can access the webserver via its LAN IP address. The problem I have is that internal machines can't reach the webserver via the firewall's EXTIP address. In other words, if I "telnet mydomain.com" on an internal machine, DNS (from outside my LAN) returns the correct IP address but the machine can't establish a connection, whereas the same test works fine if I perform it on a machine outside the firewall. In summary, it seems there's a problem with machines on the LAN accessing other machines on the LAN through the firewall.

I'm using the seemingly-standard rc.firewall 0.63 script (copied off linuxdoc.org), with a few modifications for allowing external access to my LAN. I figure I need to add a rule that forwards port 80 LAN traffic destined for the firewall EXTIP address to the webserver, but haven't been able to make it work. I've been looking all over for help and can't find what I need, so I'd love to hear everyone's suggestions on what might be wrong. Let me know if I should post my iptables config (or anything else).

Many Thanks,
Alan

you need to DNAT the requests from the local net too. by your description I can see that you are using DNAT only for the ext network. There is a good howto for this in the netfilter site. I am giving the address for it.

http://netfilter.samba.org/documenta...-HOWTO-10.html

good luck.

manthram