Last night I took your script (the very first one you posted here),
tossed it on my router/firewall (based on RH9), and changed the IP addresses
at the top of the script to reflect my environment. Thing worked. A box
outside my firewall correctly had packets sent to a webserver on my LAN.
Requests to the webserver were fulfilled and data returned.

There seems to be some conflict with your configuration. For instance,
how is 192.168.1.1 (your production firewall) connected?? Can you tell me
if you have switches and hubs connected to this environment?

Is it possible that 2 machines have the same IP address??? Besides the 2
test computers and the firewall machine (The test one using RH9) is
there other equipment that can interfere? If there is, can you remove
all equipment except for the 3 machines in question from the network?

Mike

On Mon, 2003-09-08 at 15:07, Alexandr Molochnikov wrote:
> Further to my report on progress (or lack thereof): I inspected the
> access.log file maintained by Apache Web server running on that machine.
> To refresh, here is the current setup on our network:
> 
> Client machine IP = 10.0.0.2
> Linux dual-homed machine: IP1 = 10.0.0.1, IP2 = 192.168.1.23
> Web server machine IP = 192.168.1.250
> 
> The Linux machine is supposed to do NAT and map all packets destined for
> 10.0.0.1:80 to 192.168.1.250:80.
> 
> When the Linux machine is powered off, the client (10.0.0.2) cannot ping
> the server (192.168.1.250), and cannot connect to the web server either.
> No surprise so far.
> 
> When the Linux machine is on, the client can ping the server, and the
> client's attempt to contact the web server is logged in access.log file
> on the server machine (IP 10.0.0.2 is shown in the HTTP request log
> record). The point of the matter is that IPTABLES was not running on the
> router at that time! And when IPTABLES was running, the web server STILL
> recorded the HTTP request coming from 10.0.0.2. In both cases, the
> response from the web server was never received, and the client's
> browser just timed out.
> 
> I thought that the packets cannot get from one NIC to another without
> NAT provided by IPTABLES. Could there be something that short-circuits
> IPTABLES when it runs, and thus effectively disables packet forwarding?
> 
> Can anyone shed some light on this mystery?
> 
> Thanks,
> 
> Alex.
-- 
Mike Petch
CApp::Sysware Consulting Ltd.
Suite 1002,1140-15th Ave SW.
Calgary, Alberta, Canada.
T2R 1K6.
(403)804-5700.
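
Added example, not part of either message: a small Python model of the setup Alex describes, showing that the kernel routes between the two NICs whenever IP forwarding is on, with or without iptables rules, and that a DNAT rule rewrites only the destination, so the web server logs 10.0.0.2 either way. The function names, the `via_router` switch and the conntrack dictionary are assumptions made for the model; which return path replies take on Alex's network is not stated in the thread.

```python
from dataclasses import dataclass, replace

# Addresses taken from the thread.
CLIENT, ROUTER_OUT, SERVER = "10.0.0.2", "10.0.0.1", "192.168.1.250"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def router_forward(pkt, ip_forward, dnat, conntrack):
    """Request path through the dual-homed box (hypothetical model).
    Returns the packet the server receives, or None if it never arrives."""
    if dnat and pkt.dst == ROUTER_OUT:
        # PREROUTING DNAT: only the destination changes; remember the original.
        conntrack[(pkt.src, SERVER)] = ROUTER_OUT
        pkt = replace(pkt, dst=SERVER)
    if pkt.dst == ROUTER_OUT:
        return None                      # delivered to the router itself
    # Routing between NICs is the kernel's ip_forward switch, not iptables.
    return pkt if ip_forward else None

def reply_source_at_client(at_server, via_router, conntrack):
    """Source address on the server's reply as the client would see it."""
    reply = Packet(src=at_server.dst, dst=at_server.src)
    original_dst = conntrack.get((reply.dst, reply.src))
    if via_router and original_dst:
        reply = replace(reply, src=original_dst)   # conntrack undoes the DNAT
    return reply.src

def simulate(dst, ip_forward=True, dnat=False, via_router=True):
    """Return (source IP the server logs, reply matches the client's socket).
    Whether a reply on another path is delivered at all is not modelled."""
    conntrack = {}
    at_server = router_forward(Packet(CLIENT, dst), ip_forward, dnat, conntrack)
    if at_server is None:
        return None, False
    seen = reply_source_at_client(at_server, via_router, conntrack)
    # TCP only accepts a reply that comes from the address it connected to.
    return at_server.src, seen == dst

if __name__ == "__main__":
    print("no iptables, direct:", simulate(SERVER))
    print("DNAT, reply via router:", simulate(ROUTER_OUT, dnat=True))
    print("DNAT, reply bypasses router:",
          simulate(ROUTER_OUT, dnat=True, via_router=False))
```

In the model the server's log shows the same source address in every case that reaches it; only the reply's return path decides whether the client's connection completes.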
