iptables DNAT redirect to web server problem
First of all, I'll tell you what my problem is.

1. I have my Linux box that works as a router and does NAT. I have:
   eth0 - external IP 82.77.xxx.xxx
   eth1 - internal IP 192.160.0.1
   I have an IP camera inside my internal network that has an incorporated web server - 192.168.0.54.
   All I want to do is redirect all incoming requests from the internet to eth0 on port 80 to the IP camera. I've tried:
   BOX# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.54:80
   It doesn't work. If any of you have a solution for my problem I'd be glad to hear it.
It looks correct to me.
Can you give an "iptables -t nat -L", "iptables -t mangle -L" and "iptables -t filter -L" output please?
rce:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:www to:192.168.0.54:80

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

rce:~# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

rce:~# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Hmmm...
Maybe try using the address instead of the interface: -d 82.77.xxx.xxx instead of -i eth0. When you say 'it doesn't work', how did you test? Did you do it from your local network or from another computer on the internet (because it shouldn't work from your local network, since traffic isn't coming from eth0)?
dnat problems
I'm facing a similar problem with DNAT. I set up my firewall to forward port 80 traffic to the internal webserver and everything was working fine for over a week... then suddenly everything went down. So I checked by logging into the firewall and using iptraf. iptraf shows traffic (TCP SYN packets) coming in from outside and being sent to the internal webserver. The internal webserver does not show any traffic coming in when I check via tcpdump. I restarted the firewall thinking maybe some module went crazy or something and might get fixed when I restart... all in vain... If anyone has any idea... please let me know... Oh yeah, one more thing... between the time that it was working and when it was not working I changed absolutely NOTHING on the firewall...
Regards, Bilal.
Try this: 'iptables -t nat -A PREROUTING -i eth0 -p tcp -d 87.xxx.xxx.xxx --dport 80 -j DNAT --to 192.168.0.54:80'. Also just confirm that 'ip forwarding' is enabled.
dnat problem rephrased :D
Hi there.

Let me explain once again. This time all internal network. I have 3 machines:
1. Firewall + Router with eth0, eth1 and ppp0 (we will only deal with eth0): 10.0.0.1
2. PC: 10.0.0.100
3. Webserver (ssh enabled): 10.0.0.10

I added the following rule to my firewall machine:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9999 -j DNAT --to 10.0.0.10:22
This is just for testing DNAT, so I can ssh from my PC to firewall:9999 and connect to webserver_SSH:22 :D

Now the iptraf of the firewall shows the following when I try to connect to firewall:9999:
┌10.0.0.100:1270 = 2 96 S--- eth0
└10.0.0.1:9999 = 0 0 ---- eth0
┌10.0.0.100:1270 = 2 96 S--- eth0
└10.0.0.10:22 = 0 0 ---- eth0
hence showing SYN packets going to 10.0.0.10 (webserver).

The webserver's iptraf shows:
10.0.0.100:1270 = 2 94 RESET eth0
10.0.0.10:22 = 1 48 S-A- eth0

OK, so I started doubting the DNAT of the firewall (still not sure if that's the problem), so I tried to DNAT from another port to the firewall's ssh, like this:
iptables -t nat -A PREROUTING -p tcp -d 10.0.0.1 --dport 9999 -j DNAT --to 10.0.0.1:22 -i eth0
The funny thing is that this works :D Now I'm totally lost. What is the problem here? Can anyone help?

Regards,
Bilal.
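A complete rule set for this kind of port forward, as an added example that is not code from this thread or from any of the posters. It serves both the reply above (the rule with -d and the ip forwarding check) and the internal-network test in the last post: there the PC and the webserver sit on the same subnet, so after DNAT the webserver answers the PC directly, the PC receives a SYN-ACK from 10.0.0.10:22 instead of from 10.0.0.1:9999, and its TCP stack replies with a reset, which is exactly what the webserver's iptraf shows. The POSTROUTING SNAT rule below forces such replies back through the router so the translation can be undone. The layout (eth0 external, 192.168.0.0/24 behind it, target 192.168.0.54:80) follows the first post; the external address 82.77.0.1, the function names and the ip_forward check are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit the iptables rules for forwarding
# one TCP port on a NAT router to an internal host, and check ip_forward.
# Assumed layout: eth0 = external interface with placeholder address 82.77.0.1,
# LAN 192.168.0.0/24 with the router at 192.168.0.1, target 192.168.0.54:80.

# dnat_rules EXT_IF EXT_IP PORT LAN_NET LAN_IP DST DPORT
# Prints one iptables command per line instead of running them, so the set
# can be reviewed first and then piped to "sh" as root. The rules are:
#  1. DNAT for connections arriving on the external interface for EXT_IP:PORT
#     (-d limits the rewrite to the router's own external address)
#  2. FORWARD accept for the new connection to the target, and
#  3. FORWARD accept for reply traffic of tracked connections
#     (needed when the FORWARD policy is DROP; harmless when it is ACCEPT)
#  4. DNAT for LAN clients that use the external address (hairpin case)
#  5. SNAT in POSTROUTING for LAN clients reaching the target: without it a
#     server on the same subnet as the client answers the client directly,
#     the client sees a SYN-ACK from an address:port it never connected to
#     and sends a reset.
dnat_rules() {
    ext_if=$1; ext_ip=$2; port=$3; lan_net=$4; lan_ip=$5; dst=$6; dport=$7
    cat <<EOF
iptables -t nat -A PREROUTING -i $ext_if -p tcp -d $ext_ip --dport $port -j DNAT --to-destination $dst:$dport
iptables -A FORWARD -p tcp -d $dst --dport $dport -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -s $lan_net -p tcp -d $ext_ip --dport $port -j DNAT --to-destination $dst:$dport
iptables -t nat -A POSTROUTING -s $lan_net -p tcp -d $dst --dport $dport -j SNAT --to-source $lan_ip
EOF
}

# ip_forward_enabled [FILE]
# Succeeds (exit 0) when the sysctl file holds "1". The path is a parameter
# so a constructed file can be checked; on a real router the default is used.
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# Stand-alone run: print the rule set for the assumed layout and report
# whether this kernel currently forwards (reads the real sysctl file).
dnat_rules eth0 82.77.0.1 80 192.168.0.0/24 192.168.0.1 192.168.0.54 80
if ip_forward_enabled; then
    echo "# ip_forward is enabled"
else
    echo "# ip_forward is OFF: run 'sysctl -w net.ipv4.ip_forward=1' or DNAT will never forward"
fi
```

One caveat for anyone who adds rule 5: the target server then sees every LAN client as coming from the router's address (192.168.0.1 in this layout), so its own access logs lose the real client address for hairpinned connections; keep the router's conntrack or firewall logs if you need to attribute those sessions.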