Further to my report on progress (or lack thereof): I inspected the access.log file maintained by the Apache Web server running on that machine. To refresh, here is the current setup on our network:

Client machine IP = 10.0.0.2
Linux dual-homed machine: IP1 = 10.0.0.1, IP2 = 192.168.1.23
Web server machine IP = 192.168.1.250

The Linux machine is supposed to do NAT and map all packets destined for 10.0.0.1:80 to 192.168.1.250:80.

When the Linux machine is powered off, the client (10.0.0.2) cannot ping the server (192.168.1.250), and cannot connect to the web server either. No surprise so far. When the Linux machine is on, the client can ping the server, and the client's attempt to contact the web server is logged in the access.log file on the server machine (IP 10.0.0.2 is shown in the HTTP request log record). The point of the matter is that IPTABLES was not running on the router at that time! And when IPTABLES was running, the web server STILL recorded the HTTP request coming from 10.0.0.2. In both cases, the response from the web server was never received, and the client's browser just timed out.

I thought that the packets cannot get from one NIC to another without NAT provided by IPTABLES. Could there be something that short-circuits IPTABLES when it runs, and thus effectively disables packet forwarding? Can anyone shed some light on this mystery?

Thanks, Alex.
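For comparison with the setup described in the post, here is an added example (not from the original post or any reply) of a minimal iptables DNAT forwarder for 10.0.0.1:80 -> 192.168.1.250:80 on a dual-homed Linux box. It assumes the interface names eth0 (10.0.0.1/24 side) and eth1 (192.168.1.23/24 side) and a DRY_RUN mode that prints the commands instead of executing them; the two points it makes explicit are that forwarding between NICs is governed by the ip_forward sysctl rather than by iptables, and that DNAT only works end to end if the server's replies route back through the same box.

```shell
#!/bin/sh
# Added example (not from the original post): minimal DNAT forwarder for
# 10.0.0.1:80 -> 192.168.1.250:80 on a dual-homed Linux box.
# Assumed interface names: eth0 carries 10.0.0.1/24 (client side), eth1
# carries 192.168.1.23/24 (server side). Set DRY_RUN=1 to print the
# commands instead of running them (otherwise needs root and iptables).
set -e

CLIENT_IF=eth0; ROUTER_IP=10.0.0.1
SERVER_IF=eth1; ROUTER_INNER=192.168.1.23; SERVER_IP=192.168.1.250

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Forwarding between NICs is a kernel sysctl, not an iptables feature:
# with ip_forward=1 packets cross the router whether iptables runs or not,
# and with ip_forward=0 no amount of NAT rules will move them.
enable_forwarding() { run sysctl -w net.ipv4.ip_forward=1; }

nat_rules() {
    # Default-deny forwarding; allow only the published service and replies.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$CLIENT_IF" -o "$SERVER_IF" -d "$SERVER_IP" \
        -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    # Rewrite destination 10.0.0.1:80 -> 192.168.1.250:80 on the way in.
    run iptables -t nat -A PREROUTING -i "$CLIENT_IF" -d "$ROUTER_IP" \
        -p tcp --dport 80 -j DNAT --to-destination "$SERVER_IP:80"
    # Conntrack reverses the DNAT on replies only if they pass back through
    # this box. If the server has no route to 10.0.0.0/24 via 192.168.1.23,
    # SNAT the forwarded flow so the server answers the router instead.
    run iptables -t nat -A POSTROUTING -o "$SERVER_IF" -d "$SERVER_IP" \
        -p tcp --dport 80 -j SNAT --to-source "$ROUTER_INNER"
}

# Quick check of the forwarding sysctl, reading /proc directly.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# Apply only when explicitly asked: ./nat.sh apply
if [ "${1:-}" = apply ]; then
    enable_forwarding
    nat_rules
fi
```

Run with DRY_RUN=1 ./nat.sh apply first to review the generated rules; forwarding_enabled can be used on the router to confirm the sysctl before suspecting the NAT rules.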
