Firewall, called dscp, has these iptables settings:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- localhost.localdomain anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:sftp
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere dscp.nur.utexas.edutcp dpt:http to:192.168.0.2
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
HTTP server has these settings:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- localhost.localdomain anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:sftp
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Firewall connects to the world via eth1 and to the HTTP server on eth0. HTTP
server connects to the firewall on eth0 and to another machine on eth1.
I can access the HTTP server from the firewall just fine but not from the
Internet (times out). Any clues?