On Fri, 2005-08-26 at 22:42 -0700, BIJU KRISHNAN wrote:
> Dear Luggers,
>
> I need some help on iptables
>
> ----------------- Req -----------------------------
> The setup is as shown
>
>   C
>   l
>   i               [192.168.109.40]
>   e---->eth0  eth1--------> SunServer[internet]
>   n [192.168.111.40]         listens on 443
>   t
>   s
>
> The clients can connect only to port 80 of the proxy
> as the software is designed such.
>
> ---------what i've done------------------
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 \
>     -j DNAT --to-destination 192.18.128.177:443
>
> iptables -t nat -A POSTROUTING -p tcp -m tcp --sport 443 \
>     -j SNAT --to-source 192.168.111.40
>
> iptables -t nat -A POSTROUTING -o eth1 \
>     -j SNAT --to-source 192.168.109.40
>
> -------- how it works -------------------
>
> There is no daemon listening on port 80 of the proxy.
>
> When I telnet to port 80 of the proxy from one of the
> clients, I get connected but the connection is not
> persistent. When I press enter the connection is lost.
>
> #telnet 192.168.111.40 80
> Trying 192.168.111.40...
> Connected to 192.168.111.40.
> Escape character is '^]'.
> ^]
> telnet>
Why do you have the second rule? It is forcing the replies to the
clients' packets to go out with source port 443 instead of source port
80. (Since client packets are sent to port 80, replies should also go
from port 80.)

Amitay.
--
Success comes before work only in the dictionary.

--
http://mm.ilug-bom.org.in/mailman/listinfo/linuxers
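The rule set the reply is pointing towards, with the --sport 443 SNAT rule dropped, as an added example that is not part of the thread: DNAT in PREROUTING is consulted only for the first packet of a connection, and conntrack reverses that translation on the server's replies by itself, so no POSTROUTING rule for the return direction is needed. The script emits the nat table in iptables-save syntax so it can be reviewed before loading. The interface names and 192.168.x.40 addresses are taken from the diagram in the question, the backend 192.18.128.177:443 is as typed there, and the APPLY switch and the variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original thread): emit the nat table the
# reply suggests, in iptables-save format, for review or loading with
# iptables-restore. The question's second POSTROUTING rule (SNAT on
# --sport 443) is deliberately omitted: conntrack already un-DNATs the
# reply packets, so nothing has to rewrite them.
#
# Assumptions (from the question's diagram; override via environment):
#   eth0 = 192.168.111.40, client side, where clients connect to :80
#   eth1 = 192.168.109.40, server side
#   backend = 192.18.128.177:443, as typed in the question
CLIENT_IF=${CLIENT_IF:-eth0}
SERVER_IF=${SERVER_IF:-eth1}
SERVER_IF_ADDR=${SERVER_IF_ADDR:-192.168.109.40}
BACKEND=${BACKEND:-192.18.128.177:443}
LISTEN_PORT=${LISTEN_PORT:-80}

# Print the nat table in iptables-save syntax (iptables-restore skips
# the '#' comment lines).
nat_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# First packet of client -> proxy:$LISTEN_PORT is rewritten to the backend;
# conntrack maps the backend's replies back to proxy:$LISTEN_PORT -> client.
-A PREROUTING -i $CLIENT_IF -p tcp -m tcp --dport $LISTEN_PORT -j DNAT --to-destination $BACKEND
# Packets leaving towards the backend carry the server-side address so
# the backend answers to this host.
-A POSTROUTING -o $SERVER_IF -j SNAT --to-source $SERVER_IF_ADDR
COMMIT
EOF
}

# Number of -A rules that would be loaded (sanity check: expect 2).
rule_count() {
    nat_rules | grep -c '^-A '
}

# True if the generated table still carries the reply-mangling rule
# from the question; the ruleset should never be loaded if it does.
has_sport_snat() {
    nat_rules | grep -q -- '--sport 443 -j SNAT'
}

# Loading needs root and the iptables tools, so only do it on request;
# otherwise just show the table. (APPLY is this example's own switch.)
if [ "${APPLY:-0}" = 1 ]; then
    if has_sport_snat; then
        echo "refusing to load: reply-mangling SNAT rule present" >&2
        exit 1
    fi
    nat_rules | iptables-restore --noflush
else
    nat_rules
fi
```

Run without arguments it only prints the table; `APPLY=1 ./nat.sh` loads it with `iptables-restore --noflush`, leaving any filter-table rules untouched. Whether the backend address in the question was meant to be 192.18.x or 192.168.x is not something the thread settles, so the script keeps it as typed and lets BACKEND override it.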

