Home Page › Forums › Network Management › ZeroShell › [SOLVED] Accesing local servers using the domain name. › Reply To: [SOLVED] Accesing local servers using the domain name.
In my case the inside network is 10.7.52.0/24 and the server is at 10.7.52.130. So if I try to access the server using the public IP it will get routed to the interface on the Zeroshell box that serves that IP address. But there are NAT rules on that, set up by the virtual server definition, that redirect the traffic to the actual server on the LAN.
Unfortunately the from address in the IP datagram has the inside address of my lap top. So the server responds directly to the laptop giving a LAN address in the from field. However my laptop is expecting responses from the public IP address so it does not handle the messages well (it should drop them all, possibly with logging). The tell-tale is when I pinged the public IP address the ping responses showed the LAN address of the server.
The solution is to NAT the traffic from your local LAN that is directed to your local server. That forces the return traffic from your server back to the Zeroshell box where the packet addresses are re-written to make everything work correctly.
Long explanation, but short fix. I don’t like playing with the main NAT chains directly so I set up a “custom local” chain, put my one rule in that then invoke the chain from the post-routing chain. The result is this in my “NAT and Virtual Servers” script:
#Fix issue with LAN clients accessing local servers with external IP addresses
iptables -t nat -N custom_postroute
iptables -t nat -A custom_postroute -s 10.7.52.0/24 -d 10.7.52.130 -j MASQUERADE
iptables -t nat -A POSTROUTING --match state --state NEW -j custom_postroute