LinuxQuestions.org


iel 03-23-2004 11:53 PM

Can't browse internal web server using iptables
 
hi all,

Please help me, I think I missed something in my script. My problem is that after I set up my RH 9.0 Linux firewall/router, my internal network can browse the internet using a script that I got on this forum, but I can't browse my internal web server using the public IP that I use to connect to the internet, which is configured on my RH box. When I use another connection, like dialup or another ISP connection not using the IP block that I use for my internet gateway, I can successfully load a page. What do you think I missed in my script? These are some parts of my script under IP MASQUERADE to route to my internal web server.

iptables -t nat -A POSTROUTING -s $internal -j SNAT --to $external
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to $internal

thanks in advance

maxut 03-24-2004 02:29 AM

Is your web server in the same network as your clients? Please give us more info about your network.

iel 03-24-2004 03:21 AM

macut,

Yes sir, my web server is in the same network (192.168.10.x). I can browse the internet passing through my Linux firewall/router, but when I try to browse my internal web server (192.168.10.10) using the public IP assigned to my Linux external interface, it returns a "page can't be displayed" message.

When I reconfigure my workstation to use my other firewall running Windows ISA and browse the public IP of my Linux box, I can see the page.

I hope this helps to figure out what I missed in my script.

Again thanks in advance

maxut 03-24-2004 03:38 AM

iel

i wish u would type my nick correctly, but it's ok.

MS ISA isn't good enough. it doesn't support some ports for NAT. for example, your clients can't access the tcp 8443 port of an internet server.

i am not sure if u can configure it like this, cos your web server is in the same network as the other clients. i didn't see any example configuration like this on the web. u may try to DNAT for local clients if http packets go to the external interface of the web server, like this:

iptables -t nat -A PREROUTING -s 192.168.10.0/24 -d external_web_ip -p tcp --dport 80 -j DNAT --to 192.168.10.10

it may not work correctly. let me know if it works.

iel 03-24-2004 08:08 PM

Hi maxut,

sorry for the wrong nick that I used....

it is still not working...

rgds

jschiwal 03-24-2004 10:42 PM

I'm having a problem following part of your question. Can you browse your website from the internet, i.e. from an offsite web browser?

Can you browse your web server from another computer on your local network using the server's local network IP address?

spurious 03-25-2004 12:53 AM

It would probably be best if you posted your entire iptables script.

maxut 03-25-2004 12:56 AM

actually if your web server was in another network, your LAN clients could access it from the external ip... can u move the web server to a different network segment? like 192.168.0.0/24. it will be called a DMZ.. you will also need to add one more NIC to the linux box.
it will certainly work.

take a look http://iptables-tutorial.frozentux.n...-tutorial.html
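
Added example (not part of any post in this thread): a small Python model of the reply path for the cases discussed above, showing why a DNAT-only rule fails for a client on the web server's own subnet and why a separate segment works. The public address 203.0.113.5, the router LAN address 192.168.10.1 and the client addresses are constructed assumptions; the SNAT ("hairpin") case goes beyond what the thread proposes.

```python
import ipaddress

PUBLIC_IP = "203.0.113.5"        # constructed stand-in for the router's external IP
ROUTER_LAN_IP = "192.168.10.1"   # assumed LAN address of the Linux firewall/router

def same_subnet(a, b, prefix=24):
    """True if host b lies in the /prefix network that contains host a."""
    net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in net

def reply_source_seen_by_client(client, server, snat_to_router=False):
    """Follow one request/reply pair for a client that connects to PUBLIC_IP:80."""
    # Request: PREROUTING DNAT rewrites the destination to the web server.
    src = client
    # Optional hairpin rule (not from the thread), commonly written as:
    #   iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -d 192.168.10.10 \
    #            -p tcp --dport 80 -j SNAT --to-source 192.168.10.1
    if snat_to_router:
        src = ROUTER_LAN_IP
    # Reply: the server answers whatever source address it saw.
    reply_src, reply_dst = server, src
    # An on-link destination is reached directly and never crosses the router.
    via_router = reply_dst == ROUTER_LAN_IP or not same_subnet(server, reply_dst)
    if via_router:
        # The router's connection tracking reverses the NAT on the way back.
        reply_src = PUBLIC_IP
    return reply_src

def connection_works(client, server, snat_to_router=False):
    """The client only accepts a reply from the address it connected to."""
    return reply_source_seen_by_client(client, server, snat_to_router) == PUBLIC_IP

if __name__ == "__main__":
    cases = [
        ("LAN client, server on same LAN, DNAT only", "192.168.10.50", "192.168.10.10", False),
        ("Internet client, DNAT only", "198.51.100.7", "192.168.10.10", False),
        ("LAN client, server moved to 192.168.0.0/24", "192.168.10.50", "192.168.0.10", False),
        ("LAN client, same LAN, DNAT + SNAT to router", "192.168.10.50", "192.168.10.10", True),
    ]
    for label, client, server, snat in cases:
        print(f"{label}: {'works' if connection_works(client, server, snat) else 'fails'}")
```

In the failing case the reply leaves 192.168.10.10 with its private source address and reaches the client directly, so the client discards it because it opened the connection to the public IP.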


All times are GMT -5.