ACCESS TO SERVER from internal BY EXTERNAL DOMAIN


This topic contains 6 replies, has 5 voices, and was last updated by  Clark 4 months, 2 weeks ago.

  • #44632

    pgbuz
    Participant

    After some days of study I discovered that the problem exists with zeroshell and not with simpler routers. It seems that there is a solution at http://zswiki.pan-am.ca/wiki/NAT_Hairpin but I'm not skilled enough, so I'm asking for help. I think that a solution for a standard configuration like mine can help a lot of people.

    router zeroshell ip 192.168.3.1 – eth0
    external ip 44.44.44.44 – eth1 domain example.com
    internal server1 192.168.3.11 – eth0 https port 443
    internal server2 192.168.3.12 – eth0 https port 443
    NAT enable eth1 only
    firewall disabled, dns disabled

    From external I use https://example.com:443 to access server1
    and https://example.com:4433 to access server2

    With virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443 I don't have any problem from external, but nothing works from internal. I tried the virtual server rule 44.44.44.44/eth0:4433 to 192.168.3.12:443 but I cannot access the servers from their LAN. I think it is a NAT problem and I think that I have to insert a rule in zeroshell using an iptables script. Can somebody help please?
    Thank you

    #54241

    pgbuz
    Participant

    Nobody helped me, but I found the solution. I hope it can help.

    In Scripts/cron — NAT and VIRTUAL SERVERS:
    iptables --table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m multiport --dports 443 -j MASQUERADE
    iptables --table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m multiport --dports 443 -j MASQUERADE

    In router — virtual server rules:
    any/eth1:443 to 192.168.3.11:443
    any/eth1:4433 to 192.168.3.12:443

    Now my last problem is that if I call https://example.com:443 from internal, I arrive at the zeroshell web management page and not at the 192.168.3.11 server.
    Cheers
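The hairpin setup discussed in the post above, written out for both servers in the thread, as an added example that is not part of the original post and is not ZeroShell's own code. It goes beyond the posted script by also showing the DNAT step and by covering server2. Assumptions: the `MAPPINGS` format and the function names are hypothetical, and the rules are only printed for review, not applied.

```shell
#!/bin/sh
# Added example: print NAT hairpin rules for the topology described in this thread.
WAN_IP="44.44.44.44"        # public address on eth1 (from the thread)
LAN_NET="192.168.3.0/24"    # LAN behind eth0 (from the thread)
LAN_IF="eth0"
# Assumed format: public_port:server_ip:server_port, one entry per service.
MAPPINGS="443:192.168.3.11:443 4433:192.168.3.12:443"

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print (do not apply) one DNAT and one MASQUERADE rule per mapping.
hairpin_rules() {
    for m in $MAPPINGS; do
        pub_port=${m%%:*}; rest=${m#*:}
        srv_ip=${rest%%:*}; srv_port=${rest#*:}
        if ! valid_port "$pub_port" || ! valid_port "$srv_port"; then
            echo "skipping malformed mapping: $m" >&2
            continue
        fi
        # 1. A LAN client that dials the public address is redirected to the server.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $WAN_IP/32" \
             "-p tcp --dport $pub_port -j DNAT --to-destination $srv_ip:$srv_port"
        # 2. The source is rewritten to the router's LAN address so the reply
        #    returns through the router. Without this the server answers the
        #    client directly from 192.168.3.x and the client, which is waiting
        #    for a reply from the public address, discards it.
        echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $srv_ip/32" \
             "-p tcp --dport $srv_port -j MASQUERADE"
    done
}

hairpin_rules
```

Because of the MASQUERADE step, the servers' access logs record the router's LAN address (192.168.3.1) for internal clients that connect through the public name, not the client's own address.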

    #54242

    igork
    Member

    Did you find the solution for this problem? I want to do the same.

    #54243

    pgbuz
    Participant

    Yes, the solution above works. It was a misconfiguration that sent me to the management page.

    #54244

    Montikore
    Participant

    I think you overdid it; it may be much simpler to just not put any IP or interface as the source, and your virtual server will be available from inside too.

    @pgbuz wrote:

    With virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443

    In your case, it should be any/any:443 to 192.168.3.11:443

    #54245

    savimakwo
    Member

    How to make those series formation towards the end of series

    #64183

    Clark
    Participant

    Thanks for the guidance friend, it's a really knowledgeable thread.
