have a look with tcpdump on your webserver if possible or the internal nic
on the firewall if not .. and telnet to port 80 on your firewall from
outside and see does it send a packet to the internal server and then
unable to reply,
these rules look like they should work...
telnet port 80 on external from internal works?.. weird..
Dave.
On Tue, 29 May 2001, Fergal Moran wrote:
> Ok - thanks to Dave Airlie - iptables is nearly working
>
> I have added only two rules
>
> iptables -A PREROUTING -t nat -p tcp -d <external_nic_addr> --dport 80 -j DNAT --to 192.168.1.6
>
> iptables -A POSTROUTING -t nat -s <internalnetwork>/netmask -d 0/0 -j MASQUERADE
>
> The masquerading part works fine - however the DNAT part only half works -
> if on a machine on our network I try
>
> http://<external_nic_addr>/
>
> it correctly translates it to the internal webserver at 192.168.1.6
>
> however on an external machine - I get a "Page cannot be displayed" error
>
> I can ping the external address from the outside world - so that is not the
> problem and the webserver will allow connections from any IP address.
>
> If it is of any use - I have 2 external IPs on the external NIC - but am
> only attempting DNAT on one of them eth0:0 - if I run apache on the box I
> can access it using the non-DNAT'd ip address - but if I use the DNAT'd
> address then I do not see the apache web site - so some form of packet
> mangling is definitely happening.
>
> Thanks for listening
>
> Fergal.
--
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied at skynet.ie
pam_smb / Linux DecStation / Linux VAX / ILUG person
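
Added example, not part of the original thread: one way to read the tcpdump capture suggested above, sorting it into "SYN never forwarded", "forwarded but no reply from the server" or "handshake seen". The interface name, the outside client address and the capture lines are constructed for illustration, and the awk fields assume modern `tcpdump -n` text output.

```shell
#!/bin/sh
# Added example. Classifies a text capture from the firewall's internal NIC,
# taken while an outside host connects to port 80 on the external address,
# e.g. (interface name eth1 is an assumption):
#   tcpdump -n -i eth1 host 192.168.1.6 and tcp port 80

# classify_capture SERVER_IP  (capture text on stdin)
#   no-forward : no SYN for SERVER_IP:80 reached the internal side
#   no-reply   : SYN was forwarded, but no SYN-ACK came back from the server
#   ok         : SYN and SYN-ACK both seen
classify_capture() {
    awk -v srv="$1" '
        # tcpdump -n line: time IP src.port > dst.port: Flags [..], ...
        $2 == "IP" && $4 == ">" {
            dst = $5;   sub(/:$/, "", dst)
            flags = $7; sub(/,$/, "", flags)
            if (dst == (srv ".80") && flags == "[S]")  syn++
            if ($3  == (srv ".80") && flags == "[S.]") synack++
        }
        END {
            if (!syn)         print "no-forward"
            else if (!synack) print "no-reply"
            else              print "ok"
        }'
}

# Constructed sample captures (203.0.113.9 is a made-up outside client).
SAMPLE_NO_REPLY='12:00:01.000000 IP 203.0.113.9.51000 > 192.168.1.6.80: Flags [S], seq 100, win 64240, length 0
12:00:04.000000 IP 203.0.113.9.51000 > 192.168.1.6.80: Flags [S], seq 100, win 64240, length 0'

SAMPLE_OK='12:00:01.000000 IP 203.0.113.9.51000 > 192.168.1.6.80: Flags [S], seq 100, win 64240, length 0
12:00:01.000300 IP 192.168.1.6.80 > 203.0.113.9.51000: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:01.020000 IP 203.0.113.9.51000 > 192.168.1.6.80: Flags [.], ack 1, win 64240, length 0'

printf '%s\n' "$SAMPLE_NO_REPLY" | classify_capture 192.168.1.6   # no-reply
```

A `no-reply` result is the "sends a packet to the internal server and then unable to reply" case; `no-forward` means the packet never left the firewall's internal side at all.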