Are you sure that the incoming port 80 packets are not making it through the firewall? If they arrive on the interface ppp+, they should be sent on. It is possible that the return packet is not being handled right, leading to a timeout just as if the incoming packet had not been forwarded.

To distinguish the different cases, I recommend using tcpdump to trace the packets with source or destination port 80 on the local side of the firewall. I am guessing from your script that the ppp+ interface is the one that connects externally (and on which the timeouts are observed), and that the actual web server is on another machine attached to eth0. If that is so, trace packets on eth0.

Another hint may be gleaned by looking at the packet counts for the rules in the FORWARD chain, using the command

    # iptables -nvL FORWARD

If these counts increase (e.g., on the DROP rules), that might indicate what is happening as well.
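The counter check described in the answer is easier to read if two snapshots of `iptables -nvL FORWARD` are compared mechanically rather than by eye. The following is an added example (not part of the answer above, and not a tool from the iptables project): it parses two constructed snapshots of the FORWARD chain, pairs the rules by position, and reports which DROP/REJECT rules (or a DROP chain policy) matched traffic in between. The sample rules, interfaces and addresses are made up for illustration; it assumes the rule set itself was not edited between the two snapshots, and that counters are plain integers (on a real box use `iptables -nvxL FORWARD` so large counters are not abbreviated to forms like `10K`).

```python
import re
from typing import List, Tuple

# Constructed sample output of `iptables -nvL FORWARD`, captured "before" and
# "after" a test request to the web server. Rules, counters and addresses are
# invented for this example and do not describe any real firewall.
SNAPSHOT_BEFORE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     tcp  --  ppp+   eth0    0.0.0.0/0            192.168.1.10         tcp dpt:80
   80  6400 ACCEPT     tcp  --  eth0   ppp+    192.168.1.10         0.0.0.0/0            tcp spt:80
   15  1200 DROP       all  --  eth0   ppp+    0.0.0.0/0            0.0.0.0/0
    3   240 DROP       all  --  ppp+   eth0    0.0.0.0/0            0.0.0.0/0
"""

SNAPSHOT_AFTER = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  135 10800 ACCEPT     tcp  --  ppp+   eth0    0.0.0.0/0            192.168.1.10         tcp dpt:80
   80  6400 ACCEPT     tcp  --  eth0   ppp+    192.168.1.10         0.0.0.0/0            tcp spt:80
   30  2400 DROP       all  --  eth0   ppp+    0.0.0.0/0            0.0.0.0/0
    3   240 DROP       all  --  ppp+   eth0    0.0.0.0/0            0.0.0.0/0
"""

# One rule line: pkts bytes target prot opt in out source destination [match text]
RULE_RE = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$"
)
# The chain header carries the policy and the packets that hit it (matched no rule).
POLICY_RE = re.compile(r"^Chain \S+ \(policy (\S+) (\d+) packets")

RULE_KEYS = ("target", "prot", "in", "out", "src", "dst", "extra")


def parse_policy(text: str) -> Tuple[str, int]:
    """Return (policy target, packets that fell through to the policy)."""
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            return m.group(1), int(m.group(2))
    raise ValueError("no chain header found")


def parse_forward_chain(text: str) -> List[dict]:
    """Parse the rule lines; the header and column-title lines do not match RULE_RE."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        pkts, byts, target, prot, opt, in_if, out_if, src, dst, extra = m.groups()
        rules.append({"pkts": int(pkts), "bytes": int(byts), "target": target,
                      "prot": prot, "in": in_if, "out": out_if, "src": src,
                      "dst": dst, "extra": extra.strip()})
    return rules


def counter_deltas(before: str, after: str) -> List[Tuple[int, dict, int]]:
    """Pair rules by position and return (position, rule, packet delta) for every
    rule whose packet counter moved. Refuses to compare if the rule set changed."""
    b, a = parse_forward_chain(before), parse_forward_chain(after)
    if len(a) != len(b):
        raise ValueError("rule count changed between snapshots")
    deltas = []
    for pos, (rb, ra) in enumerate(zip(b, a), start=1):
        if any(rb[k] != ra[k] for k in RULE_KEYS):
            raise ValueError(f"rule {pos} differs between snapshots")
        d = ra["pkts"] - rb["pkts"]
        if d:
            deltas.append((pos, ra, d))
    return deltas


def drop_suspects(before: str, after: str) -> List[str]:
    """Describe the DROP/REJECT rules (and a DROP policy) that matched packets in the
    interval. A growing DROP rule on eth0 -> ppp+ while the server is queried is the
    'return packet not handled' case; one on ppp+ -> eth0 means the request itself
    never got through."""
    found = []
    for pos, rule, d in counter_deltas(before, after):
        if rule["target"] in ("DROP", "REJECT"):
            found.append(f"rule {pos}: {rule['target']} in={rule['in']} "
                         f"out={rule['out']} +{d} pkts")
    (pol_b, hits_b), (pol_a, hits_a) = parse_policy(before), parse_policy(after)
    if pol_a == "DROP" and hits_a > hits_b:
        found.append(f"policy DROP +{hits_a - hits_b} pkts (matched no rule)")
    return found


if __name__ == "__main__":
    for line in drop_suspects(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):
        print(line)
```

Take the first snapshot, issue one request from outside, take the second snapshot, and feed both to `drop_suspects`. In the constructed data the ACCEPT rule for inbound port 80 and the DROP rule for eth0 to ppp+ both advance by the same amount, which is exactly the signature of requests being forwarded in but the replies being dropped on the way back; pairing this with a `tcpdump -ni eth0 'tcp port 80'` capture on the inside interface, as the answer suggests, confirms whether the server actually answered.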