CentOS – Inbound NAT (PART 14)

Lab 14: Inbound NAT

Inbound NAT allows Internet users to access a server on the internal LAN (for example, publishing a mail server).
For example, when a user on the Internet accesses the public IP address on port 80, the web site shows up.

1/ Check postfix status on WEBSRV (10.0.0.3)

service postfix status

It should show as running…

service httpd status

It should show as running…

Type ifconfig on WEBSRV to ensure that its IP address is 10.0.0.3.
Type ifconfig eth0 on FWSRV to ensure that its IP address is 216.123.169.85 (public IP address).

2/ DNS Server
Check the DNS server to make sure that mail.dalaris.com and www.dalaris.com both point to 10.0.0.3.
On the firewall, enter the following commands to forward the published ports to the web server:

iptables -t nat -A PREROUTING -d 216.123.169.85 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
iptables -t nat -A PREROUTING -d 216.123.169.85 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.3:25
iptables -t nat -A PREROUTING -d 216.123.169.85 -i eth0 -p tcp -m tcp --dport 110 -j DNAT --to-destination 10.0.0.3:110
iptables -t nat -A PREROUTING -d 216.123.169.85 -i eth0 -p tcp -m tcp --dport 143 -j DNAT --to-destination 10.0.0.3:143
service iptables save
service iptables restart
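
To confirm that the firewall publishes only the four ports forwarded above, the saved NAT rules can be audited. This is an added example, not part of the original lab; the function names, the EXPECTED list and the sample rules (including the extra port 8080 rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit DNAT (inbound NAT) rules in iptables-save format.
# EXPECTED lists the ports this lab publishes; any other DNAT port is flagged.
EXPECTED="25 80 110 143"

# Reads iptables-save output on stdin and prints one line per DNAT rule:
#   <status> <proto> <public-ip>:<dport> -> <destination>
audit_dnat() {
    awk -v expected="$EXPECTED" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 == "-A" && $2 == "PREROUTING" {
            dst = "any"; proto = "any"; dport = "any"; to = ""; dnat = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-d") dst = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
                else if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
            }
            if (!dnat) next              # not an inbound NAT rule
            sub(/\/32$/, "", dst)        # iptables-save prints hosts as /32
            status = (dport in ok) ? "OK" : "UNEXPECTED"
            printf "%s %s %s:%s -> %s\n", status, proto, dst, dport, to
        }'
}

# Constructed sample input (not captured from a real firewall).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 216.123.169.85/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
-A PREROUTING -d 216.123.169.85/32 -i eth0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.0.0.3:25
-A PREROUTING -d 216.123.169.85/32 -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.0.3:8080
COMMIT
EOF
}

sample_rules | audit_dnat
```

On FWSRV, run the same check against the live rules with iptables-save -t nat | audit_dnat.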

3/ Check on Windows Client

ipconfig /all

Ensure that the client is on the Internet.
Access URL:

http://216.123.169.85

You should see the web page.

4/ On the DNSSRV, check that the HTTP port is listening; type

netstat -an | grep :80

On a client computer, test SquirrelMail access
Access URL:

http://216.123.169.85/webmail

On a client computer, test telnet to 216.123.169.85.

On the DNSSRV, type

netstat -an | grep :25

5/ Test by telnet to POP3
On client, test telnet to 216.123.169.85 110
Result should be:

 +OK Dovecot ready

On the DNSSRV, check whether POP3 is up and running, type

netstat -an | grep :110

We see that the POP3 service is up and running.