[Techtalk] iptables, dmz, public addys

Devdas Bhagat devdas at dvb.homelinux.org
Wed Mar 15 02:21:31 EST 2006


On 14/03/06 22:36 +1100, John Clarke wrote:
<snip>
> In your example you've said the dmz uses an RFC 1918 address range, so
> you will also need to DNAT the incoming packets.  For example, if
> your web server at 1.2.3.44 is actually 192.168.2.44 on the dmz subnet,
> then these rules should do the trick:

Someone on another IRC channel suggested a slightly different trick.
Assign the external IP address of the NAT gateway to the loopback interface
of the host. This lets the real server think that the public IP address
is local and it will respond correctly without the need to actually NAT
packets.

Then your problem boils down to routing the packets correctly, which is
fairly well documented at
http://www.lartc.org/lartc.html#LARTC.COOKBOOK.SQUID .

I haven't tried this yet (mostly because I don't have access to hardware
which needs a NAT), but it should work.

Devdas Bhagat
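The loopback trick described above, laid out as an added example (not code from the thread or from the LARTC page): the DMZ server claims the public address on `lo`, and the gateway routes the /32 to the server's DMZ address instead of DNATing. Addresses follow John Clarke's example (1.2.3.44 public, 192.168.2.44 in the DMZ); the interface names, the HTTP port and the proxy-ARP case are assumptions.

```shell
#!/bin/sh
# Added example: public IP on the server's loopback, plain routing on the
# gateway, no NAT. DRY_RUN=1 (default) only prints the commands so the
# script can be reviewed; DRY_RUN=0 executes them (root + iproute2 needed).
set -eu

PUBLIC_IP=1.2.3.44          # public address the server must answer on
DMZ_SERVER=192.168.2.44     # server's real DMZ address (gateway's next hop)
DMZ_IF=eth1                 # gateway interface facing the DMZ (assumed)
WAN_IF=eth0                 # gateway interface facing the Internet (assumed)
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# On the DMZ server: bind the public address to lo as a /32 so the kernel
# treats it as local and answers directly. Replies leave via the server's
# normal default route (the gateway's DMZ address).
server_setup() {
    run ip addr add "$PUBLIC_IP/32" dev lo
}

# On the gateway: forward the public /32 to the server's DMZ address and let
# only the intended service through. Return traffic from the DMZ carries
# PUBLIC_IP as source, which strict rp_filter accepts because the gateway's
# own route for that address points at DMZ_IF.
gateway_setup() {
    run sysctl -w net.ipv4.ip_forward=1
    run ip route add "$PUBLIC_IP/32" via "$DMZ_SERVER" dev "$DMZ_IF"
    # Only if the upstream router reaches the public block by ARP on the WAN
    # segment (not by a static route to this gateway): answer ARP for
    # addresses we route elsewhere.
    run sysctl -w "net.ipv4.conf.$WAN_IF.proxy_arp=1"
    # Inbound: new and established HTTP to the public address only.
    run iptables -A FORWARD -i "$WAN_IF" -o "$DMZ_IF" -d "$PUBLIC_IP" \
        -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # Outbound: replies from the server, sourced from the public address.
    run iptables -A FORWARD -i "$DMZ_IF" -o "$WAN_IF" -s "$PUBLIC_IP" \
        -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

if [ "${1:-}" = server ]; then server_setup; fi
if [ "${1:-}" = gateway ]; then gateway_setup; fi
```

Run `sh script.sh server` on the DMZ host and `sh script.sh gateway` on the firewall; with the default DRY_RUN the commands are printed and nothing is changed.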

