Hi

I'm on a dilemma and I really don't know where to pull my hat.
So, I'll try to be short and concise.
I have a web-server listening on default port behind a firewall (netfilter/iptables). I have made a port forward on router to web-server like this: -A PREROUTING -i eth0 -d xx.xx.xx.xx -p tcp --dport 80 -j DNAT --to-destination 192.168.7.128:80
It's working fine from internet but I can't access my website from lan.
All lan hosts go thru a proxy before hitting the internet but all website's work just our website, behing network doesn't.
This is the rule that forces lan hosts to go thru proxy:
-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.7.125:8080
What should I look for ? It worked before when I had httpd installed on current firewall box but.

I'd think that as you're apparently behind both of these boxes you're having asymmetric routing as there is no source nat. so your request heads out towards the net, gets bounced back via iptables to the internal host. The internal host then knows your real source IP address so forwards the traffic directly back to you, which could cause plenty of issues with other routers in the way. Also though, you've not mentioned an "inside" interface rule for this redirect, should you not be prerouting on eth1 as well as eth0 on this "router" box?

1 members found this post helpful.