Linux Netfilter discussions
From: "Gáspár Lajos" <swifty@freemail.hu>
To: Javi Legido <javi@legido.com>
Cc: Netfilter list <netfilter@vger.kernel.org>
Subject: Re: Access from inside proxy to server with apache
Date: Wed, 17 Dec 2008 15:54:46 +0100
Message-ID: <494912B6.3070702@freemail.hu>
In-Reply-To: <22552e810812170530t79d02e5cieb363bb6afa61816@mail.gmail.com>

Hi,

Javi Legido wrote:
> Hi.
>
> I have the following schema:
>
> [A]
>
> [Pc] (80) => (80) [Router] (80) => (80) [Server]
>
> [B]
>
> [Pc] (80) => (80) [Proxy] ?? => (80) [Router] (80) => (80) [Server]
>
> More data:
>
> -The server has iptables and Apache
> -The router has port 80 tcp redirected to the server
>
> Troubleshooting:
>
> -When I 'switch on' iptables, schema [B] fails (schema [A] always works fine)
> -When I 'switch off' iptables, schema [B] works fine
>
>   
...
> Dec 17 12:32:24 servidor kernel: [1120947.846431] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=56
> TOS=0x00 PREC=0x00 TTL=155 ID=31428 PROTO=ICMP TYPE=3 CODE=4
> [SRC=192.168.1.2 DST=public_ip_1 LEN=1500 TOS=0x00 PREC=0x00 TTL=63
> ID=16093 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
> Dec 17 12:32:54 servidor kernel: [1120979.925513] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:32:57 servidor kernel: [1120983.069334] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:32:57 servidor kernel: [1120983.693341] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:03 servidor kernel: [1120989.596154] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:03 servidor kernel: [1120990.224560] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:15 servidor kernel: [1121001.913149] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:15 servidor kernel: [1121002.550066] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
> Dec 17 12:33:45 servidor kernel: [1121033.566738] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31434 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=1
> Dec 17 12:33:46 servidor kernel: [1121034.571848] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31435 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=2
> Dec 17 12:33:47 servidor kernel: [1121035.592819] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31436 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=3
> Dec 17 12:33:48 servidor kernel: [1121036.789595] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31437 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=4
> Dec 17 12:33:49 servidor kernel: [1121037.817587] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31438 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=5
> Dec 17 12:33:50 servidor kernel: [1121038.945584] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31439 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=6
> Dec 17 12:33:51 servidor kernel: [1121039.974620] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31440 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=7
> Dec 17 12:33:52 servidor kernel: [1121040.974610] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31441 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=8
> Dec 17 12:33:53 servidor kernel: [1121041.978981] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31442 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=9
> Dec 17 12:33:54 servidor kernel: [1121042.991844] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=128 ID=31443 PROTO=ICMP TYPE=0 CODE=0 ID=33569
> SEQ=10
>   
I do not see in this log any http (port 80 SPT=80 or DPT=80) activity....

Swifty
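
Added example, not part of the original message or of any netfilter tool: one way to run the check made in the reply above over a pasted log, by re-joining the mail-wrapped LOG entries, parsing each logged packet's KEY=VALUE fields, and listing any TCP entry with SPT=80 or DPT=80. It goes slightly beyond the reply by also collecting the MTU carried by ICMP type 3 code 4 entries; the function names and the two-entry sample are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: two entries taken from the quoted log, keeping the
# mail's "> " quoting, line wrapping and address placeholders.
SAMPLE_LOG = """\
> Dec 17 12:32:24 servidor kernel: [1120947.846431] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=56
> TOS=0x00 PREC=0x00 TTL=155 ID=31428 PROTO=ICMP TYPE=3 CODE=4
> [SRC=192.168.1.2 DST=public_ip_1 LEN=1500 TOS=0x00 PREC=0x00 TTL=63
> ID=16093 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
> Dec 17 12:32:54 servidor kernel: [1120979.925513] INPUT_IN=eth0 OUT=
> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
> WINDOW=5792 RES=0x00 ACK SYN URGP=0
"""
ENTRY_START = re.compile(r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")

def entries(text):
    """Undo '>' quoting and mail wrapping: one string per log entry."""
    out = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if ENTRY_START.match(line):      # syslog timestamp starts a new entry
            out.append(line)
        elif out and line:               # anything else continues the last one
            out[-1] += " " + line
    return out

def outer_fields(entry):
    """Fields of the logged packet; a packet quoted in [...] by an ICMP error is cut off."""
    body = entry[entry.find("IN="):] if "IN=" in entry else ""
    return dict(re.findall(r"(\w+)=(\S*)", body.split(" [", 1)[0]))

def summarize(text):
    """Return (per-protocol counts, port-80 TCP entries, MTUs from ICMP 3/4)."""
    protos, http, frag_mtus = Counter(), [], []
    for entry in entries(text):
        f = outer_fields(entry)
        if not f:
            continue
        protos[f.get("PROTO")] += 1
        if f.get("PROTO") == "TCP" and "80" in (f.get("SPT"), f.get("DPT")):
            http.append(entry)
        # ICMP type 3 code 4: destination unreachable, fragmentation needed
        if (f.get("PROTO"), f.get("TYPE"), f.get("CODE")) == ("ICMP", "3", "4"):
            mtu = re.search(r"MTU=(\d+)", entry)
            frag_mtus.append(int(mtu.group(1)) if mtu else None)
    return protos, http, frag_mtus
```

On the sample, the port-80 list comes back empty, matching the observation in the reply.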