LinuxQuestions.org


eantoranz 01-04-2005 10:17 PM

iptables DNAT problem
 
I'm having this problem with iptables:

I have a firewall (Linux) connected to the internet. It's my LAN's (few computers) gateway.

I have set up a web server on one of my LAN's computers. I want internet requests coming to port 9000 of my gateway to be forwarded to my internal web server (port 8888) so it can handle the requests (I'm kind of freaky.... that's why I use these ports :P).

I added one rule to PREROUTING to achieve this:

Code:

iptables -t nat -A PREROUTING -p tcp --dport 9000 -j DNAT --to-destination webserver:8888

In FORWARD, there's no rule... the policy is ACCEPT

I added one restriction to the MASQUERADE rule of POSTROUTING so that these packets (the ones I'm talking about in the problem) don't get masqueraded (I thought this was the problem... but it seems it wasn't). POSTROUTING policy is ACCEPT as well.

I have checked that the packets arriving at port 9000 are being accounted for in the iptables rule counter (iptables -L -v).

At the web browser, I get a connection refused message. At first, I thought the traffic was having a problem because of it being masqueraded after hitting the firewall... but as I told you, that wasn't the problem, because I'm only masquerading traffic from the LAN itself.

I have noticed that NO TRAFFIC is being forwarded to the web server. No request is left at the internal server's log. No traffic is incoming from the gateway (to the internal web server).

What can be the problem?

I'd appreciate any help. :) Thanks!

mkirc 08-17-2006 12:27 AM

Hi, I know this reply comes late, but I found your post when I had a similar problem.

One friendly fellow here told me that changing the port is not a good idea for http-requests, because the port is stored in the http-headers as well!

So you could try to change the port where your http-server listens to 9000, for example!

Please let me know if this was successful!

Regards, Michael

amitsharma_26 09-12-2006 01:00 PM

Quote:

Originally Posted by eantoranz

I have noticed that NO TRAFFIC is being forwarded to the web server. No request is left at the internal server's log. No traffic is incoming from the gateway (to the internal web server).

What can be the problem?

After all that, you could probably be missing this:
Code:

echo 1 > /proc/sys/net/ipv4/ip_forward

:p
Check back.
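
The checks discussed in this thread (the DNAT rule in PREROUTING, the ip_forward switch, the FORWARD policy) can be run together against a saved ruleset. This is an added example, not part of the original posts; the function name diagnose_dnat, the sample ruleset and the address 192.168.0.10 are constructed for illustration.

```shell
# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 9000 -j DNAT --to-destination 192.168.0.10:8888
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# diagnose_dnat RULES IP_FORWARD PORT  (hypothetical helper)
# Prints one finding per line; returns 0 only when no check FAILs.
# Live use, as root:
#   diagnose_dnat "$(iptables-save)" "$(cat /proc/sys/net/ipv4/ip_forward)" 9000
diagnose_dnat() {
    rules=$1; fwd=$2; port=$3; rc=0
    # 1. A DNAT rule for the port must exist in nat/PREROUTING.
    dest=$(printf '%s\n' "$rules" | awk -v p="$port" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-destination") to = $(i + 1)
            }
            if (dport == p && to != "") { print to; exit }
        }')
    if [ -n "$dest" ]; then echo "OK dnat $port -> $dest"
    else echo "FAIL no DNAT rule for port $port in nat/PREROUTING"; rc=1; fi
    # 2. With ip_forward off the rule counters still increase, but the
    #    rewritten packet is never routed on to the LAN host.
    if [ "$fwd" = 1 ]; then echo "OK ip_forward=1"
    else echo "FAIL ip_forward=$fwd: rewritten packets are not routed"; rc=1; fi
    # 3. The filter/FORWARD chain must let the rewritten packet through.
    policy=$(printf '%s\n' "$rules" | awk '
        /^\*/ { table = $1 }
        table == "*filter" && $1 == ":FORWARD" { print $2; exit }')
    if [ "$policy" = ACCEPT ]; then echo "OK FORWARD policy ACCEPT"
    else echo "WARN FORWARD policy ${policy:-unknown}: needs an ACCEPT rule"; fi
    return $rc
}
```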


All times are GMT -5.