Hi Manish,

Thanks a lot for your time.

> > The visitors are from both the LAN and outside the LAN. All visitors
> > visit my webserver as http://www.mydomain.com, and all visitors' IPs
> > are always logged in Apache as 192.168.1.x. I'm not using any SNAT rules
> > on either the firewall or the gateway, only DNAT.
> >
> > On Firewall,
> > iptables -A PREROUTING -t nat -j DNAT -p tcp -d MYPUBLIC_IP --dport 80
> > --to 192.168.1.w:80
> >
> > On Gateway/ProxyServer
> > iptables -A PREROUTING -t nat -j DNAT -p tcp -d 192.168.1.w --dport 80
> > --to 192.168.2.w:80
>
> The only logical reason that came to my mind was the existence of some SNAT
> rule at the firewall box, which you have ruled out. Could there be some
> side effect of multiple port forwarding using 2 DNAT rules ;-) ? I think
> you can post your problem on the netfilter mailing list.

I'm 100% sure there isn't any SNAT rule on the firewall box.

> For the time being, if you put your webserver right after the first
> firewall box and give it an IP address 192.168.1.W and use the DNAT rule
> on firewall box to direct traffic to it, it should solve your problem.

I'm also thinking so.
Actually, the webserver's file system is accessed by developers very
frequently; that's why I've put the webserver in my LAN.

> Why do you have two levels of firewalling ?

I've two levels of firewalling just for extra security.

Regards,
Abhiram

_______________________________________________
ilugd mailinglist -- [email protected]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/[email protected]/
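
One way to check a box for the kind of source-rewriting rule discussed in this thread, as an added example that is not part of the original messages: it reads `iptables-save` text and lists nat-table rules whose target is SNAT or MASQUERADE. The function names, the sample dump and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report nat-table rules that rewrite the source address.
# Reads `iptables-save` output on stdin, so it also works on a saved dump.

find_source_rewrites() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*nat", "*filter", ...
        /^COMMIT/ { table = ""; next }               # end of the current table
        table == "nat" && /^-A / {
            # Look for the jump target and keep only source-NAT targets.
            for (i = 1; i < NF; i++)
                if (($i == "-j" || $i == "--jump") &&
                    ($(i+1) == "SNAT" || $(i+1) == "MASQUERADE")) {
                    print $2 ": " $0                 # chain name, then the rule
                    break
                }
        }
    '
}

# Constructed sample dump (documentation addresses, hypothetical interface):
# one DNAT port-forward like the ones in the thread plus one MASQUERADE rule.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed dump; prints only the MASQUERADE rule.
sample_dump | find_source_rewrites
```

On a live box the same function can be fed with `iptables-save -t nat | find_source_rewrites`; empty output means no SNAT or MASQUERADE rule is loaded in the nat table.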
