Cannot connect to virtualhosts from LAN with 2 NICs on server: 1 for LAN, 1 for WAN on DMZ slot

#1 Fri, 11/15/2013 - 08:26
magneticlab

Hi all, I have a Virtualmin server on Ubuntu 12.04. Everything was good until I decided to add a second network card to connect the server to my LAN. For now it's still working perfectly from the outside, meaning that my WAN IP address is still correct. Here is my ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:0c:29:96:40:2c
          inet adr:84.253.XX.XX  Bcast:84.253.XX.XX  Masque:255.255.255.252
          adr inet6: fe80::20c:29ff:fe96:402c/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Packets reçus:2664035 erreurs:0 :0 overruns:0 frame:0
          TX packets:2826116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          Octets reçus:673594010 (673.5 MB) Octets transmis:571750257 (571.7 MB)

eth1      Link encap:Ethernet  HWaddr 00:0c:29:96:40:36
          inet adr:192.168.0.XX  Bcast:192.168.0.255  Masque:255.255.255.0
          adr inet6: fe80::20c:29ff:fe96:4036/64 Scope:Lien
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Packets reçus:5034437 erreurs:0 :751 overruns:0 frame:0
          TX packets:757841 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:1000
          Octets reçus:595863867 (595.8 MB) Octets transmis:91481995 (91.4 MB)

lo        Link encap:Boucle locale
          inet adr:127.0.0.1  Masque:255.0.0.0
          adr inet6: ::1/128 Scope:Hôte
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          Packets reçus:78431 erreurs:0 :0 overruns:0 frame:0
          TX packets:78431 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0
          Octets reçus:8651952 (8.6 MB) Octets transmis:8651952 (8.6 MB)

And here is my iptables:

root@test:~# sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
LOG        all  --  anywhere             anywhere             LOG level debug prefix "BANDWIDTH_IN:"
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:20000
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
LOG        all  --  anywhere             anywhere             LOG level debug prefix "BANDWIDTH_IN:"

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             LOG level debug prefix "BANDWIDTH_OUT:"
LOG        all  --  anywhere             anywhere             LOG level debug prefix "BANDWIDTH_IN:"

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             LOG level debug prefix "BANDWIDTH_OUT:"

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

It seems that what is missing is called hairpin NAT.

Could someone help me put this in place? Thank you very much, Fred