ACCESS TO SERVER from internal BY EXTERNAL DOMAIN

Forums Network Management Networking ACCESS TO SERVER from internal BY EXTERNAL DOMAIN

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • September 2, 2016 at 6:46 pm #44632
    pgbuz
    Participant

    After some days of study I discovered the problem existing with zeroshell and not with more simple routers. Seem that there is a solution http://zswiki.pan-am.ca/wiki/NAT_Hairpin but I’m not so able and I ask help. I think that in a configuration standard as mine can help a lot of people.

    router zeroshell ip 192.168.3.1 – eth0
    external ip 44.44.44.44 – eth1 domain example.com
    internal server1 192.168.3.11 – eth0 https port 443
    internal server2 192.168.3.12 – eth0 https port 443
    NAT enable eth1 only
    firewall disabled, dns disabled

    I use from external to access server1 https://example.com:443
    and https://example.com:4433 to access to server 2

    With virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443 I don’t have problem from external, but nothing to do from internal. I tried with virtual server rule 44.44.44.44/eth0:4433 to 192.168.3.12:443 but I cannot access to servers from their LAN. I think a nat problem and I think that I have to insert in zeroshell a rule using an iptable script. Can some people help please?
    Thank you

    September 5, 2016 at 5:59 pm #54241
    pgbuz
    Participant

    No people helped me but I found the solution. I hope can help.

    In Scripts/cron — NAT and VIRTUAL SERVERS:
    iptables –table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m multiport –dports 443 -j MASQUERADE
    iptables –table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m multiport –dports 443 -j MASQUERADE

    In router — virtual server rules:
    any/eth1:443 to 192.168.3.11:443
    any/eth1:4433 to 192.168.3.12:443

    Now my last problem is that if I call https://example.com:443 from internal, I arrive on zeroshell web management and not on 192.168.3.11 server.
    Cheer
    [/img]

    November 19, 2017 at 11:39 pm #54242
    igork
    Member

    Did you find the solution for this problem? I want to do the same.

    November 20, 2017 at 5:38 am #54243
    pgbuz
    Participant

    yes, the upper solution works. Has been a miss config that sent me on management page.

    November 22, 2017 at 9:20 am #54244
    Montikore
    Participant

    i think you over took it, it may be very simpler to just not put any ip nor interface as source, and your virtual server will be availbale from inside too.

    @pgbuz wrote:

    With virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443

    in your case, it should be any/any:443 to 192.168.3.11:443

    February 13, 2018 at 8:20 am #54245
    savimakwo
    Member

    How to make those series formation towards the end of series

    July 2, 2018 at 7:50 am #64183
    Clark
    Participant

    Thanks for the guidance fried its really knowledgeable thread.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.