Can I run a Web server behind a NAT router?

Discussion in 'Linux Networking' started by phillipedison1891, May 8, 2005.

  1. If I have a LAN connected to the Internet via a NAT router and a cable
    modem, could I run a computer (running Linux, of course) on the LAN as
    a server? If so, how? These routers are supposed to have fancy
    firewalls built in to them

    _PA
     
    phillipedison1891, May 8, 2005
    #1
    1. Advertisements

  2. phillipedison1891

    bram4 Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi

    You have to setup IP-passthrough. Usually it's somewhere in the
    webconfig of your router. Your have to tell it that you want incoming
    requests to port 80 redirected to the local ip of your server.

    The fancy firewall is principally a NAT box. It masquerades the local
    IP's behind your public one. It might have an additional firewall, which
    you would have to configure too. But I can't tell... Mine is a Netopia
    ADSL router.

    Regards
    Bram4

    - --


    BIG BROTHER IS WATCHING YOU
    www.anti-dmca.org
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.0 (MingW32)

    iD8DBQFCfVMBsv7ahDE9W98RAss1AJ9ImsCstOR3nM98lcd+cbbFpz9ViQCgrNH/
    wqHuIs4NZHcyDiEtyx3WnRg=
    =F4XJ
    -----END PGP SIGNATURE-----
     
    bram4, May 8, 2005
    #2
    1. Advertisements

  3. phillipedison1891

    Ken Guest

    Hi -

    You need to be able to configure the router to forward incoming
    connections to port 80 (or whatever port you are going to use) to the
    server.

    Personally I use a Linux-based system for my router/firewall as well
    as my server. A few iptables rules and port 25 (SMTP) and 80 (HTTP)
    go to my server. Anything else that is not part of an connection
    initiated from the inside gets rejected.

    For additional security, the server is in a DMZ, not in the LAN, and
    is not permitted to initiate connections to the LAN.
     
    Ken, May 8, 2005
    #3
  4. phillipedison1891

    Kunael Guest

    If I have a LAN connected to the Internet via a NAT router and a cable
    * One clue: DNAT. Man iptables, of course.
    * Exactly. If the web-server is in DMZ segment and this is hacked in future
    you LAN remains safe.
     
    Kunael, May 8, 2005
    #4
  5. Hi ,
    This is quite simple
    First your ISP must fix you a public adress say "pubaddr1"
    then issue this command :
    iptables -t nat -A PREROUTING -p tcp -d "pubaddr1" --dport 80 -j DNAT
    --to <your server local ip>
    Good Luck
    S. MAMMAR
     
    soulimane.mammar, May 8, 2005
    #5
  6. phillipedison1891

    James Knott Guest

    You can, if your router supports port forwarding to a specific computer.
     
    James Knott, May 8, 2005
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.