From: John Allman (allmanj at domain tcd.ie)
Date: Tue 07 Aug 2001 - 20:13:33 IST
Hi - I'm really sorry if this message sends twice - ireland.com crapped
out on me and I don't think it sent the mail, but if it did - I'm really,
really sorry.
Hi - I successfully set up a little firewall NAT box using iptables but
have run into quite a confusing problem using DNAT. The setup is pretty
simple. I have a Linux box with two network cards connected to a router on
one side and to a private 10 network on the other. The firewalling and
SNATing side of it seems to be working fine. I can connect a computer on
the private network, set the Linux box as its gateway and happily use the
services I want allowed for internal network machines.
I set up rules to do DNAT as I understood them, e.g.:

iptables -t nat -A PREROUTING -i eth0 -d 1.2.3.4 -p TCP --dport 80 -j DNAT --to 10.2.3.4

where eth0 is my network card connected to the router, 1.2.3.4 would be
the public address reserved for my webserver and 10.2.3.4 would be the
private address.
When I tried to connect with a browser it timed out, so my first
assumption was that I had accidentally firewalled myself out. I checked
through the code and couldn't find anything, so I ran tcpdump to see what I
could see.
This is where it got fruity. By using tcpdump on the two interfaces I was
able to watch the packets arrive into the Linux box, get NAT-ed and hit the
webserver. I then saw the response go out from the webserver, hit the
Linux box, get NAT-ed and leave with the correct source and destination on
eth0. But still the browser was timing out. I can only assume that messing
with the packets somehow upset the browser.
I don't know if anyone has seen this before and I am quite willing to
accept that it's just me doing something stupid - I'm something of a
newbie. If anyone can help me at all I'd much appreciate it.
I'm running Mandrake 8.0 with kernel 2.4.3
thanks
John
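One way to do the two-interface tcpdump comparison described in the post mechanically, as an added example that is not part of the original message: it pairs each packet seen on the outside interface with the translated copy that should appear on the inside one (and vice versa) and flags any packet with no counterpart, or any private address that leaks onto the outside leg. The interface names eth0/eth1, the client address 5.6.7.8 and the simplified one-line capture layout are assumptions.

```python
"""Check a DNAT port-forward from captures on the NAT box's two interfaces
(added example, not code from the original post)."""
import re

PUBLIC_IP, PRIVATE_IP = "1.2.3.4", "10.2.3.4"   # addresses used in the post

# Constructed sample in a simplified tcpdump-like layout, one packet per line:
# "<iface> <time> IP <src>.<port> > <dst>.<port>: <flags>"
SAMPLE_CAPTURE = """\
eth0 20:13:01.000001 IP 5.6.7.8.40000 > 1.2.3.4.80: S
eth1 20:13:01.000002 IP 5.6.7.8.40000 > 10.2.3.4.80: S
eth1 20:13:01.000003 IP 10.2.3.4.80 > 5.6.7.8.40000: S ack
eth0 20:13:01.000004 IP 1.2.3.4.80 > 5.6.7.8.40000: S ack
"""

LINE_RE = re.compile(r"^(?P<iface>\S+) (?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+)"
                     r" > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<flags>.*)$")
KEYS = ("iface", "src", "sport", "dst", "dport", "flags")

def twin(p, outside, inside):
    """Packet that must appear on the other leg if the NAT rules work."""
    t = dict(p)
    if p["iface"] == outside and p["dst"] == PUBLIC_IP:    # request arriving from the Internet
        t["iface"], t["dst"] = inside, PRIVATE_IP           # ... as it looks after DNAT
    elif p["iface"] == outside and p["src"] == PUBLIC_IP:  # reply leaving for the Internet
        t["iface"], t["src"] = inside, PRIVATE_IP           # ... as the server sent it
    elif p["iface"] == inside and p["dst"] == PRIVATE_IP:  # DNAT-ed request
        t["iface"], t["dst"] = outside, PUBLIC_IP           # ... as it originally arrived
    elif p["iface"] == inside and p["src"] == PRIVATE_IP:  # server's reply
        t["iface"], t["src"] = outside, PUBLIC_IP           # ... after reverse translation
    else:
        return None                                         # not part of the forwarded flow
    return t

def check_dnat(capture, outside="eth0", inside="eth1"):
    """Return a list of problems; empty means every packet has its translated twin."""
    pkts = [m.groupdict() for m in map(LINE_RE.match, capture.splitlines()) if m]
    problems = []
    for p in pkts:
        if p["iface"] == outside and PRIVATE_IP in (p["src"], p["dst"]):
            problems.append(f"{p['ts']}: private address leaked onto {outside}")
            continue
        t = twin(p, outside, inside)
        if t and not any(all(t[k] == q[k] for k in KEYS) for q in pkts):
            problems.append(f"{p['ts']}: {p['src']}.{p['sport']} > {p['dst']}.{p['dport']} "
                            f"seen on {p['iface']} but no translated copy on {t['iface']}")
    return problems
```

Feed it real captures by reformatting `tcpdump -n -i eth0` and `tcpdump -n -i eth1` output into the one-line layout above, one interface name per line; an empty result means the NAT box rewrote both directions as the rule intended, so the remaining suspects lie outside the translation itself.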
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:30 GMT