ACCESS TO SERVER from internal BY EXTERNAL DOMAIN
- This topic has 6 replies, 5 voices, and was last updated 2 years, 7 months ago by Clark.
September 2, 2016 at 6:46 pm #44632
pgbuz
Participant

After some days of study I discovered that the problem exists with zeroshell and not with simpler routers. It seems that there is a solution at http://zswiki.pan-am.ca/wiki/NAT_Hairpin but I'm not so able and I ask for help. I think that a standard configuration like mine can help a lot of people.

router zeroshell ip 192.168.3.1 – eth0
external ip 44.44.44.44 – eth1 domain example.com
internal server1 192.168.3.11 – eth0 https port 443
internal server2 192.168.3.12 – eth0 https port 443
NAT enable eth1 only
firewall disabled, dns disabled

From external I use https://example.com:443 to access server1 and https://example.com:4433 to access server 2.

With virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443 I don't have a problem from external, but nothing works from internal. I tried with virtual server rule 44.44.44.44/eth0:4433 to 192.168.3.12:443 but I cannot access the servers from their LAN. I think it is a NAT problem and I think that I have to insert a rule in zeroshell using an iptables script. Can some people help please?

Thank you

September 5, 2016 at 5:59 pm #54241
pgbuz
Participant

No people helped me but I found the solution. I hope it can help.

In Scripts/cron — NAT and VIRTUAL SERVERS:
# server1: masquerade LAN clients so replies return through the router
iptables --table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m multiport --dports 443 -j MASQUERADE
# server2: same rule for the second server
iptables --table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.12/32 -p tcp -m multiport --dports 443 -j MASQUERADE

In router — virtual server rules:
any/eth1:443 to 192.168.3.11:443
any/eth1:4433 to 192.168.3.12:443

Now my last problem is that if I call https://example.com:443 from internal, I arrive on the zeroshell web management and not on the 192.168.3.11 server.

Cheers
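
Added example, not part of any post in this thread: a dry-run shell helper that prints the two rules hairpin NAT needs per forward, the POSTROUTING MASQUERADE from the post above plus a PREROUTING DNAT on the LAN interface standing in for a virtual server rule on eth0. The function names and the use of a raw DNAT rule are assumptions of this example; it only prints commands and changes nothing.

```shell
#!/bin/sh
# Added example: prints hairpin-NAT rules for review; it applies nothing.

# is_ipv4 ADDR: succeeds only for a dotted quad with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        [ "${rest%%.*}" -le 255 ] || return 1
        rest=${rest#*.} n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# is_cidr NET: succeeds for ADDR/PREFIX with PREFIX 0-32.
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case ${1#*/} in ''|*[!0-9]*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# is_port N: succeeds for 1-65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# hairpin_rules EXT_IP LAN_IF LAN_NET EXT_PORT SRV_IP SRV_PORT
# Returns 2 without printing anything if an argument is malformed, so a typo
# or stray shell metacharacter never reaches a root shell.
hairpin_rules() {
    ext_ip=$1 lan_if=$2 lan_net=$3 ext_port=$4 srv_ip=$5 srv_port=$6
    is_ipv4 "$ext_ip" && is_ipv4 "$srv_ip" && is_cidr "$lan_net" || return 2
    is_port "$ext_port" && is_port "$srv_port" || return 2
    case $lan_if in ''|*[!A-Za-z0-9._-]*) return 2 ;; esac
    # 1. A LAN client dialling the external address is redirected to the server.
    echo "iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -d $ext_ip/32" \
         "-p tcp --dport $ext_port -j DNAT --to-destination $srv_ip:$srv_port"
    # 2. Its source becomes the router's LAN address, so the server answers the
    #    router (which undoes both translations) instead of the client directly.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $srv_ip/32" \
         "-p tcp --dport $srv_port -j MASQUERADE"
}

# The two forwards from the first post (addresses as given there).
hairpin_rules 44.44.44.44 eth0 192.168.3.0/24 443 192.168.3.11 443
hairpin_rules 44.44.44.44 eth0 192.168.3.0/24 4433 192.168.3.12 443
```

Because of the MASQUERADE rule, 192.168.3.11 and 192.168.3.12 see hairpinned LAN connections as coming from the router's LAN address, 192.168.3.1, so their access logs and any source-IP allow lists no longer distinguish individual internal clients.
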

November 19, 2017 at 11:39 pm #54242
igork
Member

Did you find the solution for this problem? I want to do the same.

November 20, 2017 at 5:38 am #54243
pgbuz
Participant

Yes, the solution above works. It was a misconfiguration that sent me to the management page.

November 22, 2017 at 9:20 am #54244
Montikore
Participant

I think you overthought it; it may be much simpler to just not put any IP or interface as source, and your virtual server will be available from inside too.
@pgbuz wrote:
With virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443
In your case, it should be any/any:443 to 192.168.3.11:443

February 13, 2018 at 8:20 am #54245
savimakwo
Member

How to make those series formation towards the end of series

July 2, 2018 at 7:50 am #64183
Clark
Participant

Thanks for the guidance, friend; it's a really knowledgeable thread.