* Problems with prerouting
@ 2003-09-29 15:55 Andreas Meyer
2003-09-30 5:06 ` Ray Leach
0 siblings, 1 reply; 2+ messages in thread
From: Andreas Meyer @ 2003-09-29 15:55 UTC (permalink / raw)
To: netfilter
Hi!
I could need some help with setting up a prerouting for a webserver
on my gateway.
static-Internet-IP on eth1
|
+----------------+
| |
| 192.168.20.210 |
| on eth0 |
+----------------+
|
+-----------+
| |
+---------+ +----------+
| | | |
192.168.20.60 | | 192.168.20.61
Squid | | Webserver
| | | |
192.168.1.75 | | |
+---------+ +----------+
|
+--------+
192.168.1.3 |
WKS |
+--------+
I addes a rule before all other forwarding and input and output
rules:
iptables -A FORWARD -p TCP -d 192.168.20.61 --dport 8080 -j ACCEPT
iptables -t nat -A PREROUTING -p TCP -d 192.168.20.210 --sport 1024: \
--dport 80 -j DNAT --to 192.168.20.61:8080
When I contact the proxy on 192.168.20.60 from 192.168.1.3 or from within the
the DMZ at 192.168.20.60 to call 192.168.20.210, nothing happens,
nothing in the logs.
What kind of problem do I have here? Is it possible at all to test such
a prerouting-rule from within the DMZ or the local network?
Thank you for listening!
--
Andreas Meyer | http://www.anup.de
| http://home.wtal.de/MeineHomepage
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: Problems with prerouting
2003-09-29 15:55 Problems with prerouting Andreas Meyer
@ 2003-09-30 5:06 ` Ray Leach
0 siblings, 0 replies; 2+ messages in thread
From: Ray Leach @ 2003-09-30 5:06 UTC (permalink / raw)
To: Netfilter Mailing List
[-- Attachment #1: Type: text/plain, Size: 1947 bytes --]
On Mon, 2003-09-29 at 17:55, Andreas Meyer wrote:
> Hi!
>
> I could need some help with setting up a prerouting for a webserver
> on my gateway.
>
>
> static-Internet-IP on eth1
> |
> +----------------+
> | |
> | 192.168.20.210 |
> | on eth0 |
> +----------------+
> |
> +-----------+
> | |
> +---------+ +----------+
> | | | |
> 192.168.20.60 | | 192.168.20.61
> Squid | | Webserver
> | | | |
> 192.168.1.75 | | |
> +---------+ +----------+
> |
>
> +--------+
> 192.168.1.3 |
> WKS |
> +--------+
>
> I addes a rule before all other forwarding and input and output
> rules:
>
> iptables -A FORWARD -p TCP -d 192.168.20.61 --dport 8080 -j ACCEPT
> iptables -t nat -A PREROUTING -p TCP -d 192.168.20.210 --sport 1024: \
> --dport 80 -j DNAT --to 192.168.20.61:8080
>
> When I contact the proxy on 192.168.20.60 from 192.168.1.3 or from within the
> the DMZ at 192.168.20.60 to call 192.168.20.210, nothing happens,
> nothing in the logs.
>
> What kind of problem do I have here? Is it possible at all to test such
> a prerouting-rule from within the DMZ or the local network?
>
You also need a FORWARD rule to forward the return traffic from the
webserver.
You can use something like ethereal or tcpdump to trace your traffic,
then you will see where the problem is.
Also, try usimg iptables LOG rules.
> Thank you for listening!
--
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
--
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-09-30 5:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-09-29 15:55 Problems with prerouting Andreas Meyer
2003-09-30 5:06 ` Ray Leach
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox