In one of your posts you mentioned that the web server is not directly
connected to the internet. That caused me to think about its routing
configuration... Does this server (10.30.143.1) have a route to get
back to the NAT box (10.30.142.12)? If not then your packets may be
getting NATed to the web server, but the response may not be coming
back. For starters, try accessing 'http://10.30.143.1' from
10.30.142.12. If that works, then it isn't a routing problem. If that
doesn't work, then no amount of tweaking of your iptables rules will
help.

Another possible problem that you may be having is due to how you're
accessing the NATed service. Are you trying to access it from a third
computer on the other side of the NAT box, or from that box itself? I
know it can be tricky to get a packet originating from the NAT server
itself to be properly processed by the iptables rules. You should be
running your test connection to 'http://10.30.142.12' from a client
machine on the 10.30.142.x subnet, not from 10.30.143.x or from the
router itself.

dave p.
[EMAIL PROTECTED] wrote:
done
ruter-deb:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT tcp -- 10.30.142.12 anywhere tcp dpt:www to:10.30.143.1
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
but when from my computer I do http://10.30.142.12
nothing happens
:(
You're not listing out the correct iptables rules to see your nat rule.
Try this:
iptables -t nat -L
[EMAIL PROTECTED] wrote:
but
[EMAIL PROTECTED] wrote:
hello list
I'm trying to NAT some address here but nothing happens
check this rule
what is wrong in there?
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
## Start filtering
## Note: eth0 is the interface connected to the router and eth1 to the LAN
# Localhost is allowed (for example, local connections to mysql)
/sbin/iptables -A INPUT -i lo -j ACCEPT
iptables -t nat -A PREROUTING --dst 10.30.142.12 -p tcp --dport 80 -j DNAT --to-destination 10.30.143.1
echo 1 > /proc/sys/net/ipv4/ip_forward
HI
You forgot the FORWARD
i.e. iptables -t filter -A FORWARD --dst 10.30.142.12 -p tcp --dport 80 -j ACCEPT
now my table is showing this
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP icmp -- !10.30.142.3 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 10.30.142.12 tcp dpt:80
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
what about 10.30.143.1?
I think 10.30.143.1 is where I have the webserver running
but I want to open the webserver on 10.30.142.12
HTH
Kind Regards
Brent Clark
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact
[EMAIL PROTECTED]
-------------------------------------------------
Luis A. Rondon Paz
L I N U X .~. Admin intranet CNT
The Choice /V\ icq #132736035
of a GNU /( )\ [EMAIL PROTECTED]
Generation ^^-^^ Santiago de cuba
UONET
###########
###############
#### ####
- ,$$P' ###
- ',$$P ,-*** ###
- `d$$' ,## * ###
- $$P ## * ###
- $$: ## - ###
- $$; ### ###
- Y$$. ` #######
- `$$b "-.__
- `Y$$b
- `Y$$.
- `$$b.
- `Y$$b.
- `"Y$b._
-------------------------------------------------
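
A check over the `iptables -t nat -L` listing posted in this thread, added here as an example and not written by any of the participants: it parses the listing and reports why 10.30.142.12 port 80 is not being forwarded to 10.30.143.1. The function names and the second listing are constructed for illustration; it assumes addresses appear numerically in the output.

```python
import re

# Listing as posted in the thread, with the wrapped "to:" field rejoined.
THREAD_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       tcp  --  10.30.142.12         anywhere            tcp dpt:www to:10.30.143.1
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed listing: the nat table once the DNAT rule from the script is loaded.
FIXED_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             10.30.142.12        tcp dpt:www to:10.30.143.1
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
"""

def parse_nat_listing(text):
    """Return {chain: [rule dict, ...]} parsed from `iptables -t nat -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        f = line.split()
        if m:
            current = chains.setdefault(m.group(1), [])
        elif current is not None and len(f) >= 5 and f[0] != "target":
            current.append({"target": f[0], "prot": f[1], "source": f[3],
                            "destination": f[4], "extra": f[5:]})
    return chains

def check_port_forward(text, public_ip, backend_ip):
    """List problems that stop public_ip port 80 being DNATed to backend_ip."""
    chains, problems = parse_nat_listing(text), []
    # DNAT must sit in PREROUTING so the destination is rewritten before routing.
    if not any(r["target"] == "DNAT" and r["destination"] == public_ip
               and {"dpt:www", "dpt:http", "dpt:80"} & set(r["extra"])
               and "to:" + backend_ip in r["extra"]
               for r in chains.get("PREROUTING", [])):
        problems.append("no DNAT rule in PREROUTING for " + public_ip)
    for r in chains.get("POSTROUTING", []):
        if r["target"] == "SNAT" and r["source"] == public_ip:
            problems.append("SNAT rewrites packets sent from " + public_ip
                            + ", not connections addressed to it")
    return problems
```
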