Linux Netfilter discussions
From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: Problems with prerouting
Date: Tue, 30 Sep 2003 07:06:17 +0200
Message-ID: <1064898376.16779.57.camel@raylinux.internal>
In-Reply-To: <20030929155529.E451617C80@delta.anup.de>

On Mon, 2003-09-29 at 17:55, Andreas Meyer wrote:
> Hi!
> 
> I could need some help with setting up a prerouting for a webserver
> on my gateway.
> 
> 
>     static-Internet-IP on eth1
>                 |
>         +----------------+
>         |                |
>         | 192.168.20.210 |
>         |    on eth0     |
>         +----------------+
>                 |
>             +-----------+
>             |           |
>        +---------+ +----------+
>        |         | |          |
>    192.168.20.60 | | 192.168.20.61
>       Squid      | |    Webserver
>        |         | |          |
>    192.168.1.75  | |          |
>        +---------+ +----------+
>            |
> 
>        +--------+
>    192.168.1.3  |
>       WKS       |
>        +--------+
> 
> I added a rule before all other forwarding and input and output
> rules:
> 
> iptables -A FORWARD -p TCP -d 192.168.20.61 --dport 8080 -j ACCEPT
> iptables -t nat -A PREROUTING -p TCP -d 192.168.20.210 --sport 1024: \
>                           --dport 80 -j DNAT --to 192.168.20.61:8080
> 
> When I contact the proxy on 192.168.20.60 from 192.168.1.3 or from within the
> DMZ at 192.168.20.60 to call 192.168.20.210, nothing happens,
> nothing in the logs.
> 
> What kind of problem do I have here? Is it possible at all to test such
> a prerouting-rule from within the DMZ or the local network?
> 
You also need a FORWARD rule to forward the return traffic from the
webserver.

You can use something like ethereal or tcpdump to trace your traffic,
then you will see where the problem is.

Also, try using iptables LOG rules.

> Thank you for listening!
-- 
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--
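
Added example, not part of either message: one way to put the reply's three suggestions together for the rules quoted above (a FORWARD rule for the return traffic, LOG rules, and a packet trace). The addresses and ports come from the quoted rules; the log prefixes, the `DRY_RUN` switch, the `ipt` helper and the use of the state match for the return rule are assumptions of this example.

```shell
#!/bin/sh
# Addresses and ports are from the quoted rules; the log prefixes, the
# DRY_RUN switch and the state match are assumptions of this example.
WEB=192.168.20.61       # webserver
GW=192.168.20.210       # address the DNAT rule matches
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = run them (root)

# Print or run one iptables command, quoting arguments that contain spaces.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables'
        for a in "$@"; do
            case $a in
                *" "*) printf " '%s'" "$a" ;;
                *)     printf ' %s' "$a" ;;
            esac
        done
        printf '\n'
    else
        iptables "$@"
    fi
}

# LOG rules inserted at position 1 so they see the packet before any
# other rule can accept or drop it.
trace_rules() {
    ipt -t nat -I PREROUTING 1 -p tcp -d "$GW" --dport 80 -j LOG --log-prefix 'PRE-DNAT: '
    ipt -I FORWARD 1 -p tcp -d "$WEB" --dport 8080 -j LOG --log-prefix 'FWD-to-web: '
    ipt -I FORWARD 1 -p tcp -s "$WEB" --sport 8080 -j LOG --log-prefix 'FWD-from-web: '
}

# Request direction as in the original post, plus the return direction.
forward_rules() {
    ipt -A FORWARD -p tcp -d "$WEB" --dport 8080 -j ACCEPT
    ipt -A FORWARD -p tcp -s "$WEB" --sport 8080 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

trace_rules
forward_rules
# Then watch the wire while testing, e.g. on the gateway:
#   tcpdump -n -i eth0 host 192.168.20.61 and tcp port 8080
```

If `PRE-DNAT:` appears in the kernel log but `FWD-to-web:` does not, the packet is being lost between NAT and forwarding; if only `FWD-from-web:` is missing, the reply is not coming back through the gateway.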
