Re: [ILUG] Still iptables

From: Dave Airlie (airlied at domain csn.ul.ie)
Date: Tue 29 May 2001 - 12:42:55 IST


try telnetting port 80 on the firewall from outside and see what it says
...

web-browsers hide a lot of info..
Dave

On Tue, 29 May 2001, Fergal Moran wrote:

> Ok - thanks to Dave Airlie - iptables is nearly working
>
> I have added only two rules
>
> iptables -A PREROUTING -t nat -p tcp -d <external_nic_addr> --dport 80 -j DNAT --to 192.168.1.6
>
> iptables -A POSTROUTING -t nat -s <internalnetwork>/netmask -d 0/0 -j MASQUERADE
>
> The masquerading part works fine - however the DNAT part only half works -
>
> if on a machine on our network I try
> http://>/
>
> it correctly translates it to the internal webserver at 192.168.1.6
>
> however on an external machine - I get a "Page cannot be displayed" error
>
> I can ping the external address from the outside world - so that is not the
> problem and the webserver will allow connections from any IP address.
>
> If it is of any use - I have 2 external IP's on the external NIC - but am
> only attempting DNAT on one of them eth0:0 - if I run apache on the box I
> can access it using the non-DNAT'd ip address - but if I use the DNAT'd
> address then I do not see the apache web site - so some form of packet
> mangling is definitely happening.
>
> Thanks for listening
>
> Fergal.
>
>

-- 
David Airlie, Software Engineer
http://www.skynet.ie/~airlied / airlied at domain skynet.ie
pam_smb / Linux DecStation / Linux VAX / ILUG person
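
The check suggested in the reply above, as an added example that is not part of the original thread: a raw connection to port 80 that reports what actually came back on the wire, which a browser collapses into "Page cannot be displayed". The function name `probe_http` and its state labels are made up for this illustration.

```python
import socket
import sys

def probe_http(host, port=80, timeout=5.0):
    """Connect like `telnet host 80`, send a HEAD request, and return
    (state, detail) describing what came back on the wire."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A TCP RST came back: the packet reached a host with no listener
        # on that port, or a rule rejected it with a reset.
        return ("refused", "connection refused (RST)")
    except socket.timeout:
        # No SYN/ACK at all: the SYN or its reply was dropped on the way.
        return ("timeout", "no answer to SYN within %.1fs" % timeout)
    except OSError as exc:
        # e.g. "No route to host" after an ICMP unreachable.
        return ("error", str(exc))
    with sock:
        request = "HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" % host
        try:
            sock.sendall(request.encode("ascii"))
            data = sock.recv(4096)
        except socket.timeout:
            return ("silent", "handshake completed, no HTTP reply")
        except ConnectionError as exc:
            return ("reset", "connection dropped after handshake: %s" % exc)
    if not data:
        return ("closed", "peer closed without sending anything")
    # Keep the status line and any Server header: they show which web
    # server answered (the one on the firewall or the one behind DNAT).
    lines = data.decode("latin-1").split("\r\n")
    server = [l for l in lines if l.lower().startswith("server:")]
    return ("answered", " | ".join(lines[:1] + server))

if __name__ == "__main__":
    # Usage: python probe.py <address> [port]
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(probe_http(sys.argv[1], port))
```

Run it from a machine outside the network against the DNAT'd address and again against the non-DNAT'd one; differing states or Server headers show where the two paths diverge.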

