Hi Shawn,

Nothing is jumping out at me as being the problem....

Are the IPs and masks correct? Is the internal server using the firewall as a gateway? This could be the problem because when you access it via the external address from your workstation, the IP is SNATed to the firewall's internal IP. Otherwise the connection will only be DNATed so the server will see the real external IP of the client and must return through the firewall.

You might want to use tcpdump in conjunction with some -j LOG targets to narrow this down.

Wade

On Tue, 2003-01-14 at 23:24, Shawn Grover wrote:
> I've implemented Wade's suggested script changes, and am able to browse the
> web fine, and access the web server from my internal workstation (via the
> local IP address, or the external IP address). However, I cannot access the
> webserver from an external computer (i.e. not on my LAN). I tried accessing
> it by IP address only - I'm still having some issues with name resolution,
> and DNS (looks like nsupdate might help - needs more study though).
>
> Wade - Thanks for the SNAT tips - much faster response times from the router
> now.
>
> I'm posting my firewall script here for anyone to comment on, and possibly
> offer suggestions on how to allow external access to my web server. Note:
> I have the default policy for the FORWARD chain set to ACCEPT for
> testing/debugging purposes. When I'm sure everything is working the way I
> want it, I'll change this to drop and change my script accordingly. The
> script was kludged together from various sources (including Wade), and my
> own findings from researching IPTables and IP Forwarding.
>
> Thanks for the help and support!
>
> Shawn
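The `-j LOG` approach suggested in the reply above can be turned into a quick check of where an external connection stalls. This is an added example, not part of the original thread or of Shawn's script: the log prefixes `PRE: ` and `FWD: `, the interface names and all addresses are assumptions, and the log lines are constructed.

```python
import re

# Constructed log lines in the iptables LOG target's format, trimmed to the
# fields used here. Assumed rules: LOG with prefix "PRE: " in nat PREROUTING
# and prefix "FWD: " at the top of FORWARD. Addresses are documentation ranges.
SAMPLE = """\
kernel: PRE: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
kernel: FWD: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
kernel: FWD: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=80 DPT=40001 ACK SYN URGP=0
kernel: PRE: IN=eth0 OUT= SRC=198.51.100.8 DST=203.0.113.1 PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
kernel: FWD: IN=eth0 OUT=eth1 SRC=198.51.100.8 DST=192.168.1.10 PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
kernel: PRE: IN=eth0 OUT= SRC=198.51.100.9 DST=203.0.113.1 PROTO=TCP SPT=40003 DPT=80 SYN URGP=0
"""

OK = "reply returned through the firewall"
NO_REPLY = "forwarded to server, no SYN-ACK came back through the firewall"
NOT_FORWARDED = "seen in PREROUTING only: not DNATed or dropped before FORWARD"

def parse(line):
    """Split one LOG line into (prefix, KEY=value fields, bare TCP flags)."""
    m = re.search(r"(PRE|FWD): (.*)", line)
    if not m:
        return None
    tokens = m.group(2).split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return m.group(1), fields, {t for t in tokens if "=" not in t}

def diagnose(log, server_ip, port):
    """Map each external (client_ip, source_port) to how far its SYN got."""
    port, result = str(port), {}
    for rec in filter(None, map(parse, log.splitlines())):
        chain, f, flags = rec
        if f.get("PROTO") != "TCP" or "SYN" not in flags:
            continue
        if "ACK" not in flags and f.get("DPT") == port:
            key = (f["SRC"], f["SPT"])
            if chain == "PRE":
                result.setdefault(key, NOT_FORWARDED)   # arrived at the firewall
            elif f["DST"] == server_ip:
                result[key] = NO_REPLY                  # DNATed and forwarded
        elif (chain == "FWD" and "ACK" in flags
              and f.get("SRC") == server_ip and f.get("SPT") == port):
            result[(f["DST"], f["DPT"])] = OK           # SYN-ACK routed back
    return result

if __name__ == "__main__":
    for client, verdict in diagnose(SAMPLE, "192.168.1.10", 80).items():
        print(client, verdict)
```

A connection stuck at the second verdict matches the case described in the reply, where the server does not send its answer back through the firewall; running tcpdump on the internal interface shows whether the server replies at all.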
