LinuxQuestions.org
Old 03-23-2004, 11:53 PM   #1
iel
LQ Newbie
 
Registered: Mar 2004
Posts: 7

Rep: Reputation: 0
Can't browse internal web server using iptables


Hi all,

Please help me, I think I missed something in my script. My problem is that after I set up my RH 9.0 Linux firewall/router, my internal network can browse the internet using a script that I got on this forum, but I can't browse my internal web server using the public IP that I use to connect to the internet, which is configured on my RH box. When I use another connection, like dialup or another ISP connection not using the IP block that I use for my internet gateway, I can successfully load a page. What do you think I missed in my script? These are some parts of my script under IP MASQUERADE to route to my internal web server.

iptables -t nat -A POSTROUTING -s $internal -j SNAT --to $external
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to $internal

Thanks in advance.
 
Old 03-24-2004, 02:29 AM   #2
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Is your web server in the same network as your clients? Please give us more info about your network.
 
Old 03-24-2004, 03:21 AM   #3
iel
LQ Newbie
 
Registered: Mar 2004
Posts: 7

Original Poster
Rep: Reputation: 0
macut,

Yes sir, my web server is in the same network (192.168.10.x). I can browse the internet passing through my Linux firewall/router, but when I try to browse my internal web server (192.168.10.10) using the public IP assigned to my Linux external interface, it returns a "page can't display" message.

When I reconfigure my workstation to use my other firewall running Windows ISA and browse the public IP of my Linux box, I can see the page.

I hope it helps to figure out what I missed in my script.

Again, thanks in advance.
 
Old 03-24-2004, 03:38 AM   #4
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
iel

I wish you would type my nick correctly, but it's OK.

MS ISA isn't good enough. It doesn't support some ports for NAT. For example, your clients can't access TCP port 8443 of an internet server.

I am not sure if you can configure it like this, because your web server is in the same network as the other clients. I didn't see any example configuration like this on the web. You may try DNAT for local clients if HTTP packets go to the external interface of the web server, like this:

iptables -t nat -A PREROUTING -s 192.168.10.0/24 -d external_web_ip -p tcp --dport 80 -j DNAT --to 192.168.10.10

It may not work correctly. Let me know if it works.
 
Old 03-24-2004, 08:08 PM   #5
iel
LQ Newbie
 
Registered: Mar 2004
Posts: 7

Original Poster
Rep: Reputation: 0
Hi maxut,

Sorry for the wrong nick that I used...

It is still not working...

rgds
 
Old 03-24-2004, 10:42 PM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654
I'm having a problem following part of your question. Can you browse your website from the internet, i.e. from an offsite web browser?

Can you browse your web server from another computer on your local network using the server's local network IP address?

Last edited by jschiwal; 03-24-2004 at 10:44 PM.
 
Old 03-25-2004, 12:53 AM   #7
spurious
Member
 
Registered: Apr 2003
Location: Vancouver, BC
Distribution: Slackware, Ubuntu
Posts: 558

Rep: Reputation: 31
It would probably be best if you posted your entire iptables script.
 
Old 03-25-2004, 12:56 AM   #8
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
Actually, if your web server were in another network, your LAN clients could access it from the external IP. Can you move the web server to a different network segment, like 192.168.0.0/24? It will be called a DMZ. You will also need to add one more NIC to the Linux box.
It will certainly work.

Take a look at http://iptables-tutorial.frozentux.n...-tutorial.html
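
The DNAT rule from post #4 fails on its own when the clients and the server share 192.168.10.0/24, because the server replies to the client directly and the client is waiting for an answer from the public IP. The script below adds the missing source rewrite (hairpin NAT), which avoids the DMZ move from post #8. It is an added example, not part of any poster's reply; the router LAN address 192.168.10.1 and the public address 203.0.113.5 are assumptions.

```shell
#!/bin/sh
# Added example: emits hairpin-NAT (NAT loopback) rules for a web server that
# shares a LAN with its clients. Addresses in the sample call are assumptions.

# hairpin_rules LAN_CIDR ROUTER_LAN_IP PUBLIC_IP SERVER_IP [PORT]
# Prints the iptables commands instead of running them, so the output can be
# reviewed first and then piped to "sh" as root on the firewall.
hairpin_rules() {
    [ $# -ge 4 ] || {
        echo "usage: hairpin_rules LAN_CIDR ROUTER_LAN_IP PUBLIC_IP SERVER_IP [PORT]" >&2
        return 2
    }
    lan=$1 router=$2 public=$3 server=$4 port=${5:-80}

    # 1. LAN clients that connect to the public IP are redirected to the
    #    server. This is the rule from post #4; alone it is not enough.
    echo "iptables -t nat -A PREROUTING -s $lan -d $public -p tcp --dport $port -j DNAT --to-destination $server"

    # 2. Rewrite the source to the router's LAN address. Without this the
    #    server answers the client directly from its own address, the client
    #    expects the reply from the public IP, and the connection is reset.
    echo "iptables -t nat -A POSTROUTING -s $lan -d $server -p tcp --dport $port -j SNAT --to-source $router"

    # 3. Allow the redirected flow and its replies through the FORWARD chain.
    echo "iptables -A FORWARD -s $lan -d $server -p tcp --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample values: 192.168.10.0/24 and 192.168.10.10 come from the
# thread; 192.168.10.1 (router LAN IP) and 203.0.113.5 (public IP, taken from
# the documentation range) are assumptions.
hairpin_rules 192.168.10.0/24 192.168.10.1 203.0.113.5 192.168.10.10
```

With rule 2 in place, the web server's access log shows the router's LAN address for every internal visitor that arrives through the public IP, so per-client logging and IP-based access control on the server no longer distinguish those clients.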
 
  

