From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Eastep Subject: Re: HTTP Port forwarding issues Date: Mon, 08 Jul 2002 12:44:19 -0700 Sender: netfilter-admin@lists.samba.org Message-ID: <3D29EB93.9080109@shorewall.net> References: <001f01c226b6$eb0a4f60$6702a8c0@internal.monstersolutions.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: Errors-To: netfilter-admin@lists.samba.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Big Daddy Cc: netfilter@lists.samba.org Big Daddy wrote: > all, > for some reason i can get my smtp and pop3 to route from > the internet, but i cannot get http requests to forward correctly. > > iptables -A FORWARD -p tcp -i eth0 -d $int_ip -p tcp --dport http -m > state --state NEW -j ACCEPT > iptables -A FORWARD -p tcp -i eth0 -d $int_ip -p tcp --dport smtp -m > state --state NEW -j ACCEPT (works) > iptables -A FORWARD -p tcp -i eth0 -d $int_ip -p tcp --dport pop3 -m > state --state NEW -j ACCEPT (works) > > iptables -t nat -A PREROUTING -d $ext_ip -p tcp --dport smtp -j DNAT > --to-destination $int_smtp:25 (works) > iptables -t nat -A PREROUTING -d $ext_ip -p tcp --dport pop3 -j DNAT > --to-destination $int_pop3:110 (works) > iptables -t nat -A PREROUTING -d $ext_ip -p tcp --dport http -j DNAT > --to-destination $int_http:80 > > web server is running IIS5. > any help would be great! More than likely your ISP is blocking incoming HTTP requests. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net