Author Topic: Nat Loopback  (Read 4749 times)

Dezemerel

Nat Loopback
« on: May 10, 2011, 12:37:15 pm »
Hello to Everyone,

New user here, so first of all, nice to meet you  :)

I'm using Zentyal as a gateway (with load balancing) and firewall in my LAN. The configuration I'm currently using is the following:

===== ADSL router (ZyXEL P600 series)=========================
Public IP     [188.85.xxx.xxx].
Private IP   [192.168.1.32] All ports forwarded to 192.168.1.100

===== Zentyal box ======================================
Network card 1 (LAN) 10.10.1.125, external*, connected to my LAN (10.10.1.0)
    Port redirection: From 10.10.1.125:8080 to 10.10.1.1:80. Works inside the LAN
Network card 2 (Bridge 1) 10.10.1.100, external, physically connected to ZyXEL router
    Port redirection: From 10.10.1.100:8080 to 10.10.1.125:8080
Network card 3 (Bridge 1) 10.10.1.100, external, to be connected to an ADSL router
Network card 4 (Bridge 1) 10.10.1.100, external, to be connected to an ADSL router

==== Local LAN ========================================
IPs ranging from [10.10.1.1] to [10.10.1.254], gateway: [10.10.1.125] (Zentyal), DNS [8.8.8.8]



What I'm trying to accomplish is to allow a machine on the LAN (i.e. 10.10.1.75) to access the public IP of the Zentyal box using some port (188.85.xxx.xxx:8080), and be redirected to another port on a PC inside the LAN (i.e. 10.10.1.1:80).

I think this feature is called "NAT Loopback", but I haven't found a way to get this done on Zentyal... I'm not very literate in the use of iptables, and I couldn't find anything about this on the help pages...  :-\

I hope someone with better knowledge than me could lend me a hand...

*: this interface is declared external because it has a port redirection inside (8080 to 10.10.1.1:80) that won't work inside the LAN if it was declared as an internal interface.  ???

Thank you for reading my post.


jquintao

Re: Nat Loopback
« Reply #1 on: May 11, 2011, 05:25:30 pm »
Hi,

I usually solve this situation using the VIEW feature of BIND (DNS software)... With it, you can point a hostname to an IP (example: I.E 10.10.1.1:80) when the source was an IP like 10.10.1.0/24 and to another IP (example: 188.85.xxx.xxx) when the source was an IP like 200.x.x.x...

Maybe you can solve the problem using this... To use views with Zentyal, you need to edit the named.conf.mas file...

Best regards,
Jorge Quintao

Rene garmendia Zaldivar

Re: Nat Loopback
« Reply #2 on: May 29, 2011, 10:17:46 pm »
Hello friends:
Could you post the DNS config with views, please....
Thanks
Rene

jquintao

Re: Nat Loopback
« Reply #3 on: May 30, 2011, 08:29:34 pm »
Hi Rene,

See this example:

http://www.knowplace.org/pages/howtos/split_view_with_bind_9_howto.php

PS: You need to use the named.conf.mas file to do this with Zentyal 2.x...

Thanks,
Jorge Quintao
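
The split-view setup described in the replies above, as an added example that is not part of the original thread or of Zentyal's own templates. The zone name `example.com`, the ACL name `lan` and the zone file paths are assumptions; the addresses are the ones given in the first post.

```bind
// Added example: BIND 9 split-horizon ("views") configuration.
// Assumed names: zone example.com, ACL "lan", zone file paths.

// Clients that should receive the internal answer.
acl "lan" { 10.10.1.0/24; };

// Views are evaluated in order and the first match wins,
// so the internal view must come before the catch-all one.
view "internal" {
    match-clients { "lan"; localhost; };
    recursion yes;                  // LAN clients may resolve other names

    zone "example.com" {
        type master;
        // Internal zone data, e.g.:  www  IN  A  10.10.1.1
        file "/etc/bind/internal/db.example.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                   // do not act as an open resolver

    zone "example.com" {
        type master;
        // External zone data, e.g.:  www  IN  A  188.85.xxx.xxx
        file "/etc/bind/external/db.example.com";
    };
};

// Once any view is defined, every zone statement must sit inside
// a view; a zone left at top level makes named refuse the config.
```

DNS views change only the address a name resolves to, not the port, so a LAN client that receives 10.10.1.1 connects to whatever port it asked for rather than being redirected from 8080 to 80. LAN clients must also query this server rather than an outside resolver for the internal view to apply.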