On Sunday 13 July 2003 5:35 pm, Jorge Umaña wrote:

> This is off-topic

You're right, it is - there is a very good netfilter mailing list where this question more properly belongs... However...

> I have a web server in windows inside my LAN but my public ip address is
> in my LINUX firewall where is found the SQUID proxy, I need to send all the
> packages that coming for the 80 port to my web server

If you have Squid on the Linux box, why are you trying to use packet filtering / NAT to redirect requests to your web server? You seem to be confusing two types of firewalling: packet filtering vs. application layer proxying, and although you can do both on one machine, why try?

> I am using this chain but it does not work.
>
> iptables -t nat -A PREROUTING -p tcp -d $ipPUBLIC --dport 80 -j DNAT
> --to-destination $webServer

1. Do you have an appropriate FORWARD rule to allow the packets through the machine as well?

2. Do you have /proc/sys/net/ipv4/ip_forward = 1 so the box will forward packets at all?

3. Does Squid listen on port 80 (transparent mode) or 3128 (standard proxying mode)? If transparent, it may be interfering with the packets through the Linux machine.

4. If you use the command "iptables -L -t nat -n -v -x" do you see non-zero values for the packet and byte counters on the above rule? (i.e. are any packets matching the rule and being NATted, but then blocked somewhere else)

5. Does your ISP block incoming TCP Port 80 traffic, to stop people running web servers on home connections?

Just a few thoughts. If these don't solve it I recommend [EMAIL PROTECTED]

Regards,

Antony.

--
Wanted: telepath. You know where to apply.
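
Added example (not part of the original message): a small shell sketch of checks 2 and 4 from the list above, reading the ip_forward value and the packet counter of the DNAT rule and turning them into a verdict. The function names, the verdict strings and the sample listing are constructed for illustration; 203.0.113.10 and 192.168.1.20 are placeholder addresses.

```shell
#!/bin/sh
# Constructed sample of `iptables -L PREROUTING -t nat -n -v -x` output.
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 120 packets, 7200 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:80 to:192.168.1.20'

# Read a nat-table listing on stdin and print the packet counter of the
# first DNAT rule for destination port $1, or "missing" if there is none.
dnat_hits() {
    awk -v port="$1" '
        $3 == "DNAT" && $0 ~ ("dpt:" port "( |$)") { print $1; found = 1; exit }
        END { if (!found) print "missing" }
    '
}

# $1 = contents of /proc/sys/net/ipv4/ip_forward
# $2 = nat PREROUTING listing, $3 = port being redirected
diagnose() {
    hits=$(printf '%s\n' "$2" | dnat_hits "$3")
    if [ "$1" != "1" ]; then
        echo "forwarding-disabled"    # point 2: the box will not forward at all
    elif [ "$hits" = "missing" ]; then
        echo "no-dnat-rule"           # the rule was never loaded
    elif [ "$hits" -eq 0 ]; then
        echo "rule-never-matched"     # point 4: nothing has hit the rule yet
    else
        echo "natted-check-forward"   # NAT works; look at FORWARD (point 1)
    fi
}

# Live variant for the firewall itself (needs root); not called here.
diagnose_live() {
    diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" \
             "$(iptables -L PREROUTING -t nat -n -v -x)" "$1"
}

# Stand-alone run against the constructed sample.
diagnose 1 "$SAMPLE_NAT" 80
```

On the firewall, `diagnose_live 80` runs the same logic against the real counters; a "rule-never-matched" result points at traffic not arriving or not matching the -d address, such as the ISP block in point 5.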
