Can you humour me, and provide the output of the following commands on
all 3 of your machines (firewall machine, external test machine,
internal test machine):

ifconfig
route -n
iptables --list -t nat
iptables --list


You by chance aren't running a firewall on your test webserver system?
(The above commands would reveal that). The info above may be overkill but
it would help me out. To be honest this should be working for you, and
your rules seem fine.


On Sat, 2003-09-06 at 20:25, Alexandr Molochnikov wrote:
> Another tidbit for those who are looking into my problem:
> 
> My script now contains the following commands:
> 
> echo ACCEPT inbound HTTP connections bound to port 80. Web Server.
> 
> $IPTABLES -A FORWARD -s $INTERNET_IP -d $OFFICE_IP -p tcp --dport 80 \
>     -m state --state NEW,ESTABLISHED,RELATED -j LOG --log-prefix "#WALL:accept(fwd 80)#"
> $IPTABLES -A FORWARD -s $INTERNET_IP -d $OFFICE_IP -p tcp --dport 80 \
>     -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -t nat -A PREROUTING -p tcp -d $INTERNET_IP --dport 80 \
>     -j LOG --log-prefix "#WALL:accept(route 80)#"
> $IPTABLES -t nat -A PREROUTING -p tcp -d $INTERNET_IP --dport 80 \
>     -j DNAT --to-destination $HTTP_SERVER:80
> 
> When I try to access the web server through the firewall, this is what
> is logged in /var/log/messages:
> 
> Sep  6 20:10:35 Wall kernel: #WALL:accept(route 80)#IN=eth1 OUT=
> MAC=00:60:67:65:ed:ce:00:10:4b:72:b9:4b:08:00 SRC=10.0.0.2 DST=10.0.0.1
> LEN=44 TOS=0x00 PREC=0x00 TTL=128 ID=55557 DF PROTO=TCP SPT=1095 DPT=80
> WINDOW=8192 RES=0x00 SYN URGP=0 
> 
> As you can see, the PREROUTING is logged, but FORWARD is not. Why this
> happens is beyond me, but I am pretty sure that the absence of logging
> and the client's inability to get through to the server are two sides of
> the same coin.
> 
> Alex.
-- 
Mike Petch
CApp::Sysware Consulting Ltd.
Suite 1002,1140-15th Ave SW.
Calgary, Alberta, Canada.
T2R 1K6.
(403)804-5700.
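Added illustration, not code from either poster: a small model of the netfilter traversal order for a forwarded packet, using the client and firewall addresses from the quoted log entry (SRC=10.0.0.2, DST=10.0.0.1). It shows why a FORWARD rule must match the destination as it looks after the nat PREROUTING DNAT, which is one way to end up with the PREROUTING log line but no FORWARD log line. HTTP_SERVER and OFFICE_IP are constructed placeholders, and the state match is left out of the model.

```python
# Added model, not from the thread.  nat PREROUTING runs before the routing
# decision, so filter FORWARD already sees the DNATed destination.  A FORWARD
# rule keyed on the pre-DNAT address, or on the firewall's own address as the
# source, never fires.  Addresses: client/firewall from the quoted log;
# HTTP_SERVER and OFFICE_IP are constructed placeholders.

INTERNET_IP = "10.0.0.1"      # firewall outside address, DST in the log
HTTP_SERVER = "192.168.1.10"  # constructed: DNAT target on the LAN
OFFICE_IP = HTTP_SERVER       # assumption: $OFFICE_IP names the same LAN host

def rule(chain, target, src=None, dst=None, proto=None, dport=None, to=None):
    """One iptables rule as a dict; None means 'match anything'."""
    return dict(chain=chain, target=target, src=src, dst=dst,
                proto=proto, dport=dport, to=to)

def matches(r, pkt):
    return all(r[k] is None or r[k] == pkt[k]
               for k in ("src", "dst", "proto", "dport"))

def traverse(pkt, rules):
    """Walk nat PREROUTING then filter FORWARD; return (final packet, hits)."""
    pkt, hits = dict(pkt), []
    for chain in ("PREROUTING", "FORWARD"):
        for r in (x for x in rules if x["chain"] == chain):
            if not matches(r, pkt):
                continue
            hits.append((chain, r["target"]))
            if r["target"] == "DNAT":
                pkt["dst"] = r["to"]   # rewritten before routing and FORWARD
            if r["target"] in ("DNAT", "ACCEPT"):
                break                   # terminating targets end the chain
            # LOG is non-terminating, so the walk continues
    return pkt, hits

SYN = dict(src="10.0.0.2", dst=INTERNET_IP, proto="tcp", dport=80)

PREROUTING = [
    rule("PREROUTING", "LOG", dst=INTERNET_IP, proto="tcp", dport=80),
    rule("PREROUTING", "DNAT", dst=INTERNET_IP, proto="tcp", dport=80, to=HTTP_SERVER),
]
# FORWARD as posted: -s $INTERNET_IP -d $OFFICE_IP
AS_POSTED = PREROUTING + [
    rule("FORWARD", "LOG", src=INTERNET_IP, dst=OFFICE_IP, proto="tcp", dport=80),
    rule("FORWARD", "ACCEPT", src=INTERNET_IP, dst=OFFICE_IP, proto="tcp", dport=80),
]
# FORWARD matching what it actually sees: any source, post-DNAT destination
POST_DNAT = PREROUTING + [
    rule("FORWARD", "LOG", dst=HTTP_SERVER, proto="tcp", dport=80),
    rule("FORWARD", "ACCEPT", dst=HTTP_SERVER, proto="tcp", dport=80),
]
```

`traverse(SYN, AS_POSTED)` records only the two PREROUTING hits, while `traverse(SYN, POST_DNAT)` also records the FORWARD LOG and ACCEPT, mirroring the log output described in the thread.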
