-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 S. C. wrote:
> My merchine eth0 is 192.168.8.50 > > modprobe iptable_nat > echo "1">/proc/sys/net/ipv4/ip_forward > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to > 192.168.8.55:80 > I'm a bit confused. At first I assumed that you were hosting a web server on your lan, and wanted to allow public access from the internet. But looking at it now it seems you are redirecting local traffic to another local machine -- all on the 192.168.8.0/24 network. IF that's the case, why redirect? Just have local users go directly to the web server. If you try to redirect, you're going to have issues because everything is on the same lan. Check it out. Your client browser wants to go to the web server. It initially goes to the firewall and the packet is redirected to the web server. The web server sees the origin ip address of the client. It is on the same network as the web server. No need to go thru the firewall/gateway, the web server just sends a packet back to the client directly. But... the client is expecting the packets to come from the firewall/gateway, so it drops the packets from teh web server because it can't match it up to any known stream. You could try to NAT it, but I don't see why you don't just have local clients connect directly. Or you could run apache on the firewall and do an http redirect... - -- /phil -----BEGIN PGP SIGNATURE----- Comment: Public Key: http://www.dyermaker.org/gpgkey.asc iD8DBQFCCXqu0q9tKssDeQcRApijAJ45Hq1795RjBuTCremVPd8HKqBf8ACfe/SM PvhI4qfZ1cRGCqmYYyATtG4= =v79O -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
