LinuxQuestions.org
Old 01-04-2005, 10:17 PM   #1
eantoranz
iptables DNAT problem


I'm having this problem with iptables:

I have a firewall (linux) connected to the internet. It's my lan's (few computers) gateway.

I have set a web server in one of my lan's computers. I want internet's requests coming to port 9000 of my gateway to be forwarded to my internal web server (port 8888) so it can handle the requests (I'm kind of freaky.... that's why I use these ports :P).

I added one rule to PREROUTING to achieve this:

Code:
iptables -t nat -A PREROUTING -p tcp --dport 9000 -j DNAT --to-destination webserver:8888

In FORWARD, there's no rule... the policy is ACCEPT

I added one restriction to the MASQUERADE rule of POSTROUTING so that these packets (the ones I'm talking about in the problem) don't get masqueraded (I thought this was the problem... but it seems it wasn't). POSTROUTING policy is accept as well.

I have checked that the packets arriving at port 9000 are being accounted for in iptables' rule counter (iptables -L -v).

At the web browser, I get a connection refused message. At first, I thought the traffic was having a problem because of it being masqueraded after hitting the firewall... but as I told you, that wasn't the problem, because I'm only masquerading traffic from the lan itself.

I have noticed that NO TRAFFIC is being forwarded to the web server. No request is left at the internal server's log. No traffic is incoming from the gateway (to the internal web server).

What can be the problem?

I'd appreciate any help. Thanks!

Last edited by eantoranz; 01-04-2005 at 10:21 PM.
 
Old 08-17-2006, 12:27 AM   #2
mkirc
Hi, I know this reply comes late, but I found your post when I ran into a similar problem.

One friendly fellow here told me that changing the port is not a good idea for http-requests, because the port is stored in the http-headers as well!

So you could try to change the port where your http-server listens to 9000, for example!

Please let me know if this was successful!

Regards, Michael
 
Old 09-12-2006, 01:00 PM   #3
amitsharma_26
Quote:
Originally Posted by eantoranz

I have noticed that NO TRAFFIC is being forwarded to the web server. No request is left at the internal server's log. No traffic is incoming from the gateway (to the internal web server).

What can be the problem?

After all that, you could probably be missing this:
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

Check back.

Last edited by amitsharma_26; 09-12-2006 at 01:04 PM.
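
Added example, not part of any post in this thread: a shell check for the gateway-side conditions raised above (IP forwarding enabled, the PREROUTING DNAT rule present, FORWARD not dropping the packet). It parses `iptables-save` text passed in as an argument; the ruleset, the address 192.168.1.10 standing in for "webserver", and the function name `check_dnat_forward` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The ruleset below is constructed;
# 192.168.1.10 stands in for the poster's "webserver".
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 9000 -j DNAT --to-destination 192.168.1.10:8888
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# check_dnat_forward IP_FORWARD_VALUE IPTABLES_SAVE_TEXT DPORT
# Prints one line per finding; returns 0 only when no blocker is found.
check_dnat_forward() {
    ipfwd=$1; rules=$2; dport=$3; rc=0

    # The PREROUTING counter increments even when forwarding is off: DNAT
    # rewrites the destination, then the kernel refuses to route the packet on.
    if [ "$ipfwd" != "1" ]; then
        echo "BLOCKER: net.ipv4.ip_forward=$ipfwd, DNATed packets are not routed"
        rc=1
    fi

    if ! printf '%s\n' "$rules" |
         grep -Eq -- "^-A PREROUTING .*--dport $dport .*-j DNAT"; then
        echo "BLOCKER: no PREROUTING DNAT rule for dport $dport"
        rc=1
    fi

    # FORWARD runs after PREROUTING, so it sees the rewritten destination
    # (port 8888 here), never the original port 9000.
    filter=$(printf '%s\n' "$rules" | sed -n '/^\*filter/,/^COMMIT/p')
    if printf '%s\n' "$filter" | grep -q '^:FORWARD DROP' &&
       ! printf '%s\n' "$filter" | grep -Eq '^-A FORWARD .*-j ACCEPT'; then
        echo "BLOCKER: filter FORWARD policy is DROP with no ACCEPT rule"
        rc=1
    fi
    return $rc
}

# On a live gateway (as root) the inputs would be:
#   check_dnat_forward "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" 9000
check_dnat_forward 0 "$SAMPLE_RULES" 9000 || true
```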
 
  

