Another tidbit for those who are looking into my problem: My script now contains the following commands:
    echo ACCEPT inbound HTTP connections bound to port 80. Web Server.
    $IPTABLES -A FORWARD -s $INTERNET_IP -d $OFFICE_IP -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j LOG --log-prefix "#WALL:accept(fwd 80)#"
    $IPTABLES -A FORWARD -s $INTERNET_IP -d $OFFICE_IP -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -p tcp -d $INTERNET_IP --dport 80 -j LOG --log-prefix "#WALL:accept(route 80)#"
    $IPTABLES -t nat -A PREROUTING -p tcp -d $INTERNET_IP --dport 80 -j DNAT --to-destination $HTTP_SERVER:80

When I try to access the web server through the firewall, this is what is logged in /var/log/messages:

    Sep 6 20:10:35 Wall kernel: #WALL:accept(route 80)#IN=eth1 OUT= MAC=00:60:67:65:ed:ce:00:10:4b:72:b9:4b:08:00 SRC=10.0.0.2 DST=10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=55557 DF PROTO=TCP SPT=1095 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

As you can see, the PREROUTING is logged, but FORWARD is not. Why this happens is beyond me, but I am pretty sure that the absence of logging and the client's inability to get through to the server are two sides of the same coin.

Alex.
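
Added example (mine, not part of Alex's post or of the firewall script it quotes): a small Python model of the chain traversal that the logged SYN goes through. The firewall's Internet address (10.0.0.1) and the client address (10.0.0.2) are taken from the log line; HTTP_SERVER and OFFICE_IP are assumed values because the post does not give them, and conntrack state matching is left out of the model. The netfilter behaviour it encodes is this: nat PREROUTING, and therefore the DNAT, runs before the routing decision, so filter FORWARD sees the packet with the rewritten destination and the unchanged client source address.

```python
"""Toy model of the netfilter path taken by the posted rules.

Constructed example, not Alex's script. Only address/port matching and the
LOG, DNAT and ACCEPT targets are modelled; "-m state" is omitted. The point
is the traversal order: nat PREROUTING (and so DNAT) runs before the routing
decision, so filter FORWARD sees the rewritten destination but the original
source.
"""
from dataclasses import dataclass, replace
from typing import Optional

# From the logged packet: DST=10.0.0.1 matched "-d $INTERNET_IP", SRC=10.0.0.2.
INTERNET_IP = "10.0.0.1"
CLIENT_IP = "10.0.0.2"
# Assumed values: the post does not give them.
HTTP_SERVER = "192.168.1.10"
OFFICE_IP = HTTP_SERVER  # assumption: same host as the DNAT target


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    chain: str                            # "nat:PREROUTING" or "filter:FORWARD"
    target: str                           # "LOG", "DNAT" or "ACCEPT"
    src: Optional[str] = None             # -s
    dst: Optional[str] = None             # -d
    proto: Optional[str] = None           # -p
    dport: Optional[int] = None           # --dport
    prefix: str = ""                      # --log-prefix
    to_destination: Optional[str] = None  # --to-destination

    def matches(self, pkt: Packet) -> bool:
        """An unset match (None) matches anything, as in iptables."""
        return all(want is None or want == got for want, got in (
            (self.src, pkt.src), (self.dst, pkt.dst),
            (self.proto, pkt.proto), (self.dport, pkt.dport)))


def run_chain(rules, chain, pkt):
    """Walk one chain top to bottom. LOG is non-terminating; DNAT/ACCEPT end it."""
    logged = []
    for rule in rules:
        if rule.chain != chain or not rule.matches(pkt):
            continue
        if rule.target == "LOG":
            logged.append(rule.prefix)
        elif rule.target == "DNAT":
            return "DNAT", replace(pkt, dst=rule.to_destination), logged
        elif rule.target == "ACCEPT":
            return "ACCEPT", pkt, logged
    return "POLICY", pkt, logged  # fell off the end: the chain policy decides


def forward_path(rules, pkt):
    """nat PREROUTING first, then filter FORWARD on the (possibly rewritten) packet."""
    _, pkt, pre_logged = run_chain(rules, "nat:PREROUTING", pkt)
    verdict, pkt, fwd_logged = run_chain(rules, "filter:FORWARD", pkt)
    return verdict, pre_logged + fwd_logged, pkt


PREROUTING = [
    Rule("nat:PREROUTING", "LOG", dst=INTERNET_IP, proto="tcp", dport=80,
         prefix="#WALL:accept(route 80)#"),
    Rule("nat:PREROUTING", "DNAT", dst=INTERNET_IP, proto="tcp", dport=80,
         to_destination=HTTP_SERVER),
]

# FORWARD rules as posted: "-s $INTERNET_IP -d $OFFICE_IP".
POSTED = PREROUTING + [
    Rule("filter:FORWARD", "LOG", src=INTERNET_IP, dst=OFFICE_IP, proto="tcp",
         dport=80, prefix="#WALL:accept(fwd 80)#"),
    Rule("filter:FORWARD", "ACCEPT", src=INTERNET_IP, dst=OFFICE_IP, proto="tcp",
         dport=80),
]

# FORWARD rules written for what the chain actually sees: any client source,
# and the post-DNAT destination.
CORRECTED = PREROUTING + [
    Rule("filter:FORWARD", "LOG", dst=HTTP_SERVER, proto="tcp", dport=80,
         prefix="#WALL:accept(fwd 80)#"),
    Rule("filter:FORWARD", "ACCEPT", dst=HTTP_SERVER, proto="tcp", dport=80),
]

SYN = Packet(src=CLIENT_IP, dst=INTERNET_IP, proto="tcp", dport=80)  # the logged SYN


def posted_result():
    return forward_path(POSTED, SYN)


def corrected_result():
    return forward_path(CORRECTED, SYN)


if __name__ == "__main__":
    for name, fn in (("posted", posted_result), ("corrected", corrected_result)):
        verdict, logged, pkt = fn()
        print(f"{name}: FORWARD verdict={verdict} logged={logged} dst={pkt.dst}")
```

With the posted rules the model reproduces exactly what the log shows: the PREROUTING LOG fires, the DNAT rewrites the destination, and then nothing in FORWARD matches, because the packet's source is still the client (10.0.0.2) and "-s $INTERNET_IP" only matches packets whose source is the firewall's own Internet address. If OFFICE_IP is not the same address as the DNAT target, "-d $OFFICE_IP" misses for the same reason on the destination side, since FORWARD sees $HTTP_SERVER, not the pre-NAT address. The packet then falls through to the FORWARD policy, which is consistent with the client not getting through.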
