www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 

ACCESS TO SERVER from internal BY EXTERNAL DOMAIN

 
pgbuz



Joined: 05 Aug 2016
Posts: 38

Posted: Fri Sep 02, 2016 6:46 pm    Post subject: ACCESS TO SERVER from internal BY EXTERNAL DOMAIN

After some days of study I discovered that the problem exists with Zeroshell and not with simpler routers. It seems that there is a solution at http://zswiki.pan-am.ca/wiki/NAT_Hairpin but I'm not skilled enough, so I am asking for help. I think that, with a standard configuration like mine, this can help a lot of people.

router zeroshell ip 192.168.3.1 - eth0
external ip 44.44.44.44 - eth1 domain example.com
internal server1 192.168.3.11 - eth0 https port 443
internal server2 192.168.3.12 - eth0 https port 443
NAT enable eth1 only
firewall disabled, dns disabled

From outside I use https://example.com:443 to access server1
and https://example.com:4433 to access server2.

With the virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443 I don't have any problem from outside, but nothing works from inside. I tried the virtual server rule 44.44.44.44/eth0:4433 to 192.168.3.12:443 but I cannot access the servers from their LAN. I think it is a NAT problem and I think that I have to insert a rule in Zeroshell using an iptables script. Can someone help, please?
Thank you
pgbuz



Joined: 05 Aug 2016
Posts: 38

Posted: Mon Sep 05, 2016 5:59 pm    Post subject: SOLVED

Nobody helped me, but I found the solution. I hope it can help.

In Scripts/cron -- NAT and VIRTUAL SERVERS:
# LAN clients to server1: rewrite the source so replies return via the router
iptables --table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m multiport --dports 443 -j MASQUERADE
# LAN clients to server2
iptables --table nat -A POSTROUTING -s 192.168.3.0/24 -d 192.168.3.12/32 -p tcp -m multiport --dports 443 -j MASQUERADE

In router -- virtual server rules:
any/eth1:443 to 192.168.3.11:443
any/eth1:4433 to 192.168.3.12:443

Now my last problem is that if I call https://example.com:443 from inside, I arrive at the Zeroshell web management page and not at the 192.168.3.11 server.
Cheers
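Added example, not part of the original thread and not Zeroshell's own code: a small generator that prints the hairpin NAT rule pair for each virtual server in the setup above. It goes slightly beyond the post by also emitting a LAN-side DNAT rule; that a virtual server entry corresponds to one DNAT rule is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (not apply) hairpin-NAT rules for the thread's setup.
# Addresses and interfaces are taken from the first post; mapping a
# "virtual server" entry to one DNAT rule is an assumption.
LAN_NET="192.168.3.0/24"
LAN_IF="eth0"
PUBLIC_IP="44.44.44.44"

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Arguments: public_port:server_ip:server_port, one per virtual server.
hairpin_rules() {
    for m in "$@"; do
        pub_port=${m%%:*}
        rest=${m#*:}
        srv_ip=${rest%%:*}
        srv_port=${rest#*:}
        case $srv_ip in *.*.*.*) ;; *) echo "bad mapping: $m" >&2; return 1 ;; esac
        valid_port "$pub_port" && valid_port "$srv_port" ||
            { echo "bad mapping: $m" >&2; return 1; }
        # LAN clients that address the public IP are sent to the server.
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $PUBLIC_IP -p tcp --dport $pub_port -j DNAT --to-destination $srv_ip:$srv_port"
        # Source rewrite so the server replies through the router instead of
        # directly to the client. Scoped to LAN source, one server, one port.
        # Side effect: the server logs the router's LAN address as the client.
        echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $srv_ip/32 -p tcp --dport $srv_port -j MASQUERADE"
    done
}

# Constructed input matching the post: server1 on 443, server2 on 4433.
hairpin_rules 443:192.168.3.11:443 4433:192.168.3.12:443
```

Review the printed rules before applying them; keeping the MASQUERADE match limited to the LAN source, the single server address and the single port avoids rewriting the source of any other traffic.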
igork



Joined: 16 Oct 2015
Posts: 33

Posted: Sun Nov 19, 2017 11:39 pm    Post subject:

Did you find the solution for this problem? I want to do the same.
pgbuz



Joined: 05 Aug 2016
Posts: 38

Posted: Mon Nov 20, 2017 5:38 am    Post subject:

Yes, the solution above works. It was a misconfiguration that sent me to the management page.
Montikore



Joined: 19 Jan 2016
Posts: 64

Posted: Wed Nov 22, 2017 9:20 am    Post subject:

I think you overdid it; it may be much simpler to just not put any IP or interface as the source, and your virtual server will be available from inside too.

pgbuz wrote:

With virtual server rules any/eth1:443 to 192.168.3.11:443 and any/eth1:4433 to 192.168.3.12:443


In your case, it should be any/any:443 to 192.168.3.11:443
savimakwo



Joined: 13 Feb 2018
Posts: 1

Posted: Tue Feb 13, 2018 8:20 am    Post subject:

How to make those series formation towards the end of series