Are these the only rules you have? Aren't there any stale rules? What happens if you flush the chains and enter these rules again?
Ramin

On Tue, Apr 16, 2002 at 04:31:53PM -0400, Michael Montero wrote:
> I'm a bit stumped with this one. I have the following NAT rules in:
>
> #
> # Forward SMTP.
> #
> $IPTABLES -A PREROUTING -t nat -i $EXTERNAL -p tcp --dport 25 -j DNAT \
>     --to 192.168.104.3:25
> $IPTABLES -A FORWARD -i $EXTERNAL -p tcp -d 192.168.104.3 --dport 25 -j ACCEPT
>
> #
> # Forward HTTP.
> #
> $IPTABLES -A PREROUTING -t nat -i $EXTERNAL -p tcp --dport 80 -j DNAT \
>     --to 192.168.104.3:80
> $IPTABLES -A FORWARD -i $EXTERNAL -p tcp -d 192.168.104.3 --dport 80 -j ACCEPT
>
> #
> # Forward HTTPS.
> #
> $IPTABLES -A PREROUTING -t nat -i $EXTERNAL -p tcp --dport 443 -j DNAT \
>     --to 192.168.104.3:443
> $IPTABLES -A FORWARD -i $EXTERNAL -p tcp -d 192.168.104.3 --dport 443 -j ACCEPT
>
> SMTP forwards fine, HTTPS forwards fine but HTTP does not. I have no idea
> why. A quick look at iptables -v -L shows this:
>
>     0     0 ACCEPT  tcp  --  ppp0  any  anywhere  suction  tcp dpt:smtp
>     0     0 ACCEPT  tcp  --  ppp0  any  anywhere  suction  tcp dpt:http
>     0     0 ACCEPT  tcp  --  ppp0  any  anywhere  suction  tcp dpt:https
>
> When I try to connect from outside the firewall to port 80 it just hangs.
> Connecting to port 443 and 25 go through just fine. There is a web server
> on port 80.....I can telnet to it from the firewall box and it is located
> at 192.168.104.3.
>
> Am I missing something? This is killing me! I'm losing hair by the
> minute here. Any help would be greatly appreciated.
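
Added example (not part of either poster's message): a shell helper for the stale-rule check asked about at the top of this reply. It reads iptables-save output and lists, in evaluation order, every rule matching a TCP destination port, marking rules that follow an earlier same-port rule in the same chain. The dump below is constructed, the REDIRECT rule in it is a hypothetical leftover, and rules_for_port is a name chosen here.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. Rule 2 of nat/PREROUTING is a
# hypothetical leftover that sits in front of the port-80 DNAT rule.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.104.3:25
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.104.3:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.104.3 -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# rules_for_port PORT: reads iptables-save text on stdin and prints one line
# per rule that has "--dport PORT": table, chain, position in chain, target.
# A rule is tagged SHADOWED-BY-RULE-n when an earlier rule in the same chain
# matched the same port with a terminating target. This is a heuristic: other
# match conditions (-i, -s, -d) are not compared, and rules without --dport
# (such as a blanket DROP) are not considered.
rules_for_port() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2); split("", pos); split("", seen); next }
        $1 == "-A" {
            chain = $2
            pos[chain]++
            hit = 0; target = "-"
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) hit = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (!hit) next
            flag = (chain in seen) ? (" SHADOWED-BY-RULE-" seen[chain]) : ""
            printf "%s %s %d %s%s\n", table, chain, pos[chain], target, flag
            # LOG does not stop chain traversal, so it cannot shadow later rules.
            if (!(chain in seen) && target != "LOG") seen[chain] = pos[chain]
        }
    '
}

# Run against the constructed dump. On a live firewall (as root):
#   iptables-save | rules_for_port 80
printf '%s\n' "$SAMPLE_DUMP" | rules_for_port 80
```

A rule tagged SHADOWED in nat/PREROUTING never sees the packet if the earlier rule matches it, which is why flushing and reloading the rule set gives a known starting point.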
