From mboxrd@z Thu Jan 1 00:00:00 1970
From: Gáspár Lajos
Subject: Re: Access from inside proxy to server with apache
Date: Wed, 17 Dec 2008 15:54:46 +0100
Message-ID: <494912B6.3070702@freemail.hu>
References: <22552e810812170530t79d02e5cieb363bb6afa61816@mail.gmail.com>
Mime-Version: 1.0
Content-Transfer-Encoding: QUOTED-PRINTABLE
Return-path:
In-Reply-To: <22552e810812170530t79d02e5cieb363bb6afa61816@mail.gmail.com>
Sender: netfilter-owner@vger.kernel.org
List-ID:
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
To: Javi Legido
Cc: Netfilter list

Hi,

Javi Legido wrote:
> Hi.
>
> I have the following schema:
>
> [A]
>
> [Pc] (80) => (80) [Router] (80) => (80) [Server]
>
> [B]
>
> [Pc] (80) => (80) [Proxy] ?? => (80) [Router] (80) => (80) [Server]
>
> More data:
>
> -The server has iptables and Apache
> -The router has port 80 tcp redirected to the server
>
> Troubleshooting:
>
> -When I 'switch on' iptables, schema [B] fails (schema [A] always works fine)
> -When I 'switch off' iptables, schema [B] works fine
>
>
...
> Dec 17 12:32:24 servidor kernel: [1120947.846431] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=56
> TOS=0x00 PREC=0x00 TTL=155 ID=31428 PROTO=ICMP TYPE=3 CODE=4
> [SRC=192.168.1.2 DST=public_ip_1 LEN=1500 TOS=0x00 PREC=0x00 TTL=63
> ID=16093 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
> Dec 17 12:32:54 servidor kernel: [1120979.925513] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:32:57 servidor kernel: [1120983.069334] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:32:57 servidor kernel: [1120983.693341] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:03 servidor kernel: [1120989.596154] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:03 servidor kernel: [1120990.224560] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:15 servidor kernel: [1121001.913149] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:15 servidor kernel: [1121002.550066] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:45 servidor kernel: [1121033.566738] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31434 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=1
> Dec 17 12:33:46 servidor kernel: [1121034.571848] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31435 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=2
> Dec 17 12:33:47 servidor kernel: [1121035.592819] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31436 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=3
> Dec 17 12:33:48 servidor kernel: [1121036.789595] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31437 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=4
> Dec 17 12:33:49 servidor kernel: [1121037.817587] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31438 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=5
> Dec 17 12:33:50 servidor kernel: [1121038.945584] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31439 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=6
> Dec 17 12:33:51 servidor kernel: [1121039.974620] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31440 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=7
> Dec 17 12:33:52 servidor kernel: [1121040.974610] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31441 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=8
> Dec 17 12:33:53 servidor kernel: [1121041.978981] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31442 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=9
> Dec 17 12:33:54 servidor kernel: [1121042.991844] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31443 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=10
>

I do not see in this log any http (port 80 SPT=80 or DPT=80) activity....

Swifty
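
The port check described in the reply, as an added example that is not part of the original thread: a small parser for iptables LOG lines that counts entries per protocol, lists any entry with SPT or DPT equal to 80, and reports ICMP type 3 code 4 (fragmentation needed) entries with the MTU they announce, since one such entry appears in the quoted log. The names `parse` and `summarize` are hypothetical; the sample holds three entries from the quoted log with the mail wrapping undone.

```python
import re
from collections import Counter

# Three entries taken from the quoted log above, rejoined into single lines.
SAMPLE = """\
Dec 17 12:32:24 servidor kernel: [1120947.846431] INPUT_IN=eth0 OUT= MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=31428 PROTO=ICMP TYPE=3 CODE=4 [SRC=192.168.1.2 DST=public_ip_1 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=16093 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 17 12:32:54 servidor kernel: [1120979.925513] INPUT_IN=eth0 OUT= MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:33:45 servidor kernel: [1121033.566738] INPUT_IN=eth0 OUT= MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84 TOS=0x00 PREC=0x00 TTL=128 ID=31434 PROTO=ICMP TYPE=0 CODE=0 ID=33569 SEQ=1
"""

# KEY=value tokens; upper-case keys only, so the "INPUT_" log prefix glued
# to IN= is skipped and the key comes out as IN.
KV = re.compile(r"([A-Z]+)=(\S*)")
# Header of the packet an ICMP error refers to, logged in brackets.
EMBEDDED = re.compile(r"\[(SRC=.*)\]")

def parse(line):
    """Return (outer, inner) field dicts; inner is the embedded packet, if any."""
    m = EMBEDDED.search(line)
    inner = dict(KV.findall(m.group(1))) if m else {}
    outer = dict(KV.findall(EMBEDDED.sub(" ", line)))
    return outer, inner

def summarize(lines, port="80"):
    """Count protocols, collect entries touching `port`, flag frag-needed ICMP."""
    report = {"protocols": Counter(), "port_hits": [], "frag_needed": []}
    for line in lines:
        outer, inner = parse(line)
        if "PROTO" not in outer:
            continue  # not an iptables LOG entry
        report["protocols"][outer["PROTO"]] += 1
        if port in (outer.get("SPT"), outer.get("DPT")):
            report["port_hits"].append(line)
        if (outer["PROTO"], outer.get("TYPE"), outer.get("CODE")) == ("ICMP", "3", "4"):
            report["frag_needed"].append({
                "reported_by": outer.get("SRC"),
                "mtu": int(outer.get("MTU", 0)),
                "orig_dst": inner.get("DST"),
                "orig_len": int(inner.get("LEN", 0)),
            })
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```
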