Old 11-04-2005, 12:21 PM   #1
props666999
DNAT + iptables failure


Hello,

I cannot redirect port 80 to the internal computer.

eth0 real-external IP
eth2 with IP 192.168.1.2 hosts webserver on 80

Unfortunately I can see the Apache test page locally, not externally.

This is my testing script - not a real one:
Code:
INET_IP="84.x.x.x"
INET_IFACE="eth0"

LAN_IP="192.168.1.1"
LAN_IFACE="eth2"

DMZ_HTTP_IP="192.168.1.2"

LO_IFACE="lo"
LO_IP="127.0.0.1"

IPTABLES="/usr/sbin/iptables"

# Load the netfilter modules the rules below depend on
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state

# Enable IPv4 forwarding between interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward

# Default policies (test script: everything is accepted)
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

# DNAT: send TCP port 80 arriving on the external IP to the internal web server
$IPTABLES -t nat -A PREROUTING -p TCP -i $INET_IFACE -d $INET_IP --dport 80 \
-j DNAT --to-destination $DMZ_HTTP_IP:80

# SNAT: rewrite the source of everything leaving the external interface
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

Any help would be very appreciated.
 
Old 11-05-2005, 12:45 PM   #2
Brian1
Really don't see anything wrong. You might try it this way. Not sure if it will make a difference. Currently no access to my books or notes.

$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP --dport 80 \
-j DNAT --to-destination $DMZ_HTTP_IP:80

Only other thought is to make sure there is no firewall on DMZ_HTTP_IP or if there is one that that port is open.
Can you access the web server from the machine?
Can the firewall machine see the web server?

Hope something might help.
Brian1
 
Old 11-05-2005, 01:53 PM   #3
props666999
Thanks for the reply, Brian1.

My problem is sorted.

I have eth0 (external IP), eth1 and eth2.

I've noticed that when I place Apache behind eth1, such as 192.168.0.4,

I could publish the website on the net. BUT on eth2 nothing.

What I did was update the kernel and reconfigure the routing table for the client on eth2.

Now it works fine.

Still don't know what the problem was
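
Added example, not part of any post in this thread: a web server reached through DNAT has to send its replies back through the firewall that rewrote the destination, which is what the routing table on the client behind eth2 decides. The check below reads saved `ip -4 route show` output from the web server and tests whether its default route points at the firewall's LAN address (192.168.1.1 in the script above); the function names and sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the return path of a DNATed host from its routing table.

# default_gateway ROUTES
# Prints the gateway of the default route, or nothing if there is none.
default_gateway() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++)
                if ($i == "via") { print $(i + 1); exit }
        }'
}

# return_path_ok ROUTES FIREWALL_LAN_IP
# Returns 0 if replies go back through the firewall,
#         1 if the default gateway is some other router,
#         2 if there is no default route at all.
return_path_ok() {
    gw=$(default_gateway "$1")
    if [ -z "$gw" ]; then
        echo "no default route: replies to external clients cannot leave the LAN"
        return 2
    fi
    if [ "$gw" != "$2" ]; then
        echo "default gateway is $gw, not $2: replies bypass the NAT box"
        return 1
    fi
    echo "default gateway is $2: replies return through the firewall"
    return 0
}

# Constructed sample routing tables for a web server at 192.168.1.2
GOOD='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2'
WRONG_GW='default via 192.168.1.254 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2'
NO_DEFAULT='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2'

return_path_ok "$GOOD" 192.168.1.1
return_path_ok "$WRONG_GW" 192.168.1.1 || true
return_path_ok "$NO_DEFAULT" 192.168.1.1 || true
```

On a live host the first argument would be `"$(ip -4 route show)"` run on the web server itself.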
 
  

