From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Kent Wang"
Subject: IP forwarding on port 80
Date: Thu, 12 Jun 2003 02:17:09 -0500
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <000301c330b2$a68c7280$0300a8c0@eclipse>
Errors-To: netfilter-admin@lists.netfilter.org
To: netfilter@lists.netfilter.org

Firewall, called dscp, has these iptables settings:

Chain INPUT (policy ACCEPT)
target     prot opt source                 destination
ACCEPT     tcp  --  localhost.localdomain  anywhere
ACCEPT     all  --  anywhere               anywhere           state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere               anywhere
ACCEPT     tcp  --  anywhere               anywhere           tcp dpt:http
ACCEPT     tcp  --  anywhere               anywhere           tcp dpt:ssh
ACCEPT     tcp  --  anywhere               anywhere           tcp dpt:sftp
DROP       all  --  anywhere               anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source                 destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source                 destination

Chain PREROUTING (policy ACCEPT)
target     prot opt source                 destination
DNAT       tcp  --  anywhere               dscp.nur.utexas.edutcp dpt:http to:192.168.0.2

Chain POSTROUTING (policy ACCEPT)
target     prot opt source                 destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source                 destination

HTTP server has these settings:

Chain INPUT (policy ACCEPT)
target     prot opt source                 destination
ACCEPT     tcp  --  localhost.localdomain  anywhere
ACCEPT     all  --  anywhere               anywhere           state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere               anywhere
ACCEPT     tcp  --  anywhere               anywhere           tcp dpt:http
ACCEPT     tcp  --  anywhere               anywhere           tcp dpt:ssh
ACCEPT     tcp  --  anywhere               anywhere           tcp dpt:sftp
DROP       all  --  anywhere               anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source                 destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source                 destination

Firewall connects to the world via eth1 and to the HTTP server on eth0. HTTP
server connects to the firewall on eth0 and to another machine on eth1.

I can access the HTTP server from the firewall just fine but not from the
Internet (times out). Any clues?