Hello all,
I have a firewall/DHCP Red Hat Linux machine guarding a large internal
network. It sits in front of a webserver and many terminals. I need to
access a Web application on a separate external network and allow that
application to send packets back and forth. I need to do this from all the
desktops inside the internal network, via desktop icons that launch a
browser window. I used iptables to set up a dnat route to the IP of the
external server on port 80 and was then able to connect to the Web app just
fine. However whenever it tries to send packets back they get lost. The
external server in question load balances with three IPs. I set up some
iptables FORWARD routes for each of the three IPs to allow port 80 and each
of the other ports to forward. It did not work. My questions are these:
Is FORWARD the right chain to allow data back in or should it be in the nat
chain?
Do I need to somehow masquerade the three IPs back to the one it thinks it
connected on?
Is this kind of FORWARD correct?
7 ACCEPT tcp -- ##.#.##.### 0.0.0.0/0 tcp dpt:80
Can I say anything from the (obscured) IP goes to anywhere on port 80? Does
my destination need to be the DHCP lease of the internal terminal calling
the app?
I appreciate your help
Be well,
JZ
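The question above asks whether return packets should be allowed in the FORWARD chain or in the nat table, and whether the three server addresses need to be masqueraded back. The rule set below is an added example, not code from the original post or from any reply, showing how such a DNAT-to-external-server setup is normally built with iptables: the DNAT goes in nat/PREROUTING and connection tracking reverses it on the replies by itself; the replies are admitted in filter/FORWARD by one ESTABLISHED,RELATED rule rather than by per-address rules; and a MASQUERADE in nat/POSTROUTING makes the external server address its replies to the firewall instead of to a private desktop address it cannot reach. The interface names, addresses and the function name are assumptions (RFC 1918 and TEST-NET-3 placeholders). One caveat on the rule quoted in the question: a FORWARD rule that matches source = server and destination port 80 describes a connection opened by the server, not its replies, whose source port is 80 and whose destination port is the desktop's ephemeral port; the state match handles replies without naming either port.

```shell
#!/bin/sh
# Added example rule set (not from the original post). Assumed names:
#   LAN_IF=eth1              inside interface
#   WAN_IF=eth0              outside interface
#   LAN_NET=192.168.1.0/24   internal desktops (RFC 1918 placeholder)
#   FAKE_IP=192.168.1.1      firewall's own inside address; the desktop icons point here
#   real server addresses 203.0.113.10 .11 .12 (TEST-NET-3 placeholders for the
#   three load-balanced IPs; the first one is the DNAT target)
# Loading rules needs root. Set IPT="echo iptables" to print them instead.

IPT="${IPT:-iptables}"

# apply_dnat_rules LAN_IF WAN_IF LAN_NET FAKE_IP PRIMARY_IP [OTHER_IP ...]
apply_dnat_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3 fake_ip=$4 primary=$5
    shift 5
    others="$*"

    # 1. nat/PREROUTING: rewrite desktop -> FAKE_IP:80 into desktop -> PRIMARY:80.
    #    Connection tracking undoes this on the replies automatically, so no
    #    reverse DNAT rule is needed for the return traffic.
    $IPT -t nat -A PREROUTING -i "$lan_if" -s "$lan_net" -d "$fake_ip" \
         -p tcp --dport 80 -j DNAT --to-destination "$primary:80"

    # 2. nat/POSTROUTING: masquerade traffic leaving the outside interface so the
    #    external server sees the firewall's public address and routes its replies
    #    back here rather than to a private desktop address.
    $IPT -t nat -A POSTROUTING -o "$wan_if" -s "$lan_net" -j MASQUERADE

    # 3. filter/FORWARD: replies and related packets for any tracked connection,
    #    in both directions. This is the rule that lets the server's answers back in.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 4. filter/FORWARD: new connections from the desktops to port 80 on each real
    #    address. The other two addresses are listed because a load balancer may
    #    redirect the browser to them. Connections the server itself opens are not
    #    allowed; the default FORWARD policy is expected to be DROP.
    for srv in $primary $others; do
        $IPT -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" -d "$srv" \
             -p tcp --dport 80 -m state --state NEW -j ACCEPT
    done
}

# Usage (as root, with forwarding enabled: echo 1 > /proc/sys/net/ipv4/ip_forward):
#   apply_dnat_rules eth1 eth0 192.168.1.0/24 192.168.1.1 \
#       203.0.113.10 203.0.113.11 203.0.113.12
```

The `-m state` match is the one available on the iptables releases shipped with Red Hat of that era; on current kernels `-m conntrack --ctstate` is the equivalent spelling. Rule 3 is what answers the question in the post: return packets are admitted in FORWARD by connection state, and nothing has to be "masqueraded back" from the three addresses, because the tracking entry created by rule 1 already rewrites the reply's source address for the desktop.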