LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 09-22-2002, 09:40 AM   #1
davebarnes
LQ Newbie
 
Registered: Dec 2000
Location: Derbys, UK
Distribution: RedHat, Slackware
Posts: 29

Rep: Reputation: 15
IPTables - again (port mapping)


Hi
IPTables is driving me nuts!

Here's my situation:

A box with Slackware with a NIC (eth0) and a modem (ppp0)
eth0 has IP of 192.168.0.102/16
ppp0 always gets static IP from my ISP

I also have another box with Redhat 7.3 with one NIC (eth0)
Its IP is 192.168.0.101/16
It's running httpd on port 80

I want to be able to access the web server from outside my network - and it's not working - even though I've read loads of stuff on LQ and elsewhere (which is why it's driving me nuts!)

On my firewall box, I've tried the following rule...

iptables -t nat -A PREROUTING -s ! 192.168.0.0/16 -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.101:80

...which it seems to accept happily (though I'm not sure I need the -s bit??)

Without this rule, when I try to connect from outside I get "Connection refused", which makes sense (no httpd on the firewall box).

With the rule, the browser says it's connecting, and sits there forever.
Outgoing connections are all masqueraded fine with no problems (there are also 3 other machines on my LAN)


My guess is I'm blatantly being thick and missing something.
Any quick pointers much appreciated


-Dave
 
Old 09-22-2002, 09:52 AM   #2
davebarnes
LQ Newbie
 
Registered: Dec 2000
Location: Derbys, UK
Distribution: RedHat, Slackware
Posts: 29

Original Poster
Rep: Reputation: 15
Now I'm annoyed - I was being thick!
But I have sorted it out (2 minutes after posting! Typical, eh?)

I hadn't allowed any rules in the FORWARD chain, and my policy was DROP

Oh well - every day is a school day

PS - I did
iptables -A FORWARD -p tcp --dport 80 -d 192.168.0.101 -j ACCEPT

Last edited by davebarnes; 09-22-2002 at 09:58 AM.
 
Old 09-23-2002, 07:48 AM   #3
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
For the -s ! local bit, use the inbuilt rp_filter (reverse path filtering), which does this before netfilter sees the packets.

Add this to a script...

# Enable reverse-path filtering on every interface (packets arriving on an
# interface that the routing table would not use to reach their source are dropped)
for interface in /proc/sys/net/ipv4/conf/*/rp_filter; do
    /bin/echo "1" > "${interface}"
done

Regards,
Peter

Last edited by peter_robb; 09-23-2002 at 07:50 AM.
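The complete rule set this thread converges on (the DNAT from post #1, the FORWARD accept from post #2, rp_filter from post #3), as an added example that is not code from any of the posters. It uses the thread's interface names, addresses and port; the `port_forward_rules` and `check_forward_for_dnat` function names, the use of the conntrack state match, the explicit `ip_forward` switch, the MASQUERADE rule for the outbound traffic Dave mentions, and the two embedded `iptables-save` dumps (constructed to reproduce the broken and fixed states) are assumptions made for the example. The generator prints the iptables commands rather than running them, so you can review them before piping them to sh as root, and the checker reads an `iptables-save` dump and reports any DNAT target that nothing in FORWARD accepts, which is exactly the mistake post #2 diagnosed.

```shell
#!/bin/sh
# Added example, not from the original thread. Names, addresses and port 80
# are the thread's; everything else is an assumption for illustration.

WAN_IF="ppp0"              # interface facing the ISP
LAN_NET="192.168.0.0/16"
WEB_HOST="192.168.0.101"   # the Red Hat box running httpd
WEB_PORT="80"

# Emit the iptables commands for the port forward (review, then pipe to sh as root).
port_forward_rules() {
    wan="$1"; lan="$2"; host="$3"; port="$4"
    cat <<EOF
# rp_filter drops packets on ${wan} that claim a LAN source, so '-s ! ${lan}' is not needed.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "\$f"; done
echo 1 > /proc/sys/net/ipv4/ip_forward
# 1. Rewrite the destination before routing (nat table).
iptables -t nat -A PREROUTING -i ${wan} -p tcp --dport ${port} -j DNAT --to-destination ${host}:${port}
# 2. The rewritten packet is then FORWARDed; with policy DROP it needs an ACCEPT,
#    restricted to the WAN interface and the one port, plus one for the replies.
iptables -A FORWARD -i ${wan} -d ${host} -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# 3. Outbound LAN traffic keeps masquerading behind ${wan}.
iptables -t nat -A POSTROUTING -s ${lan} -o ${wan} -j MASQUERADE
EOF
}

# Read an iptables-save dump on stdin; for every DNAT target, check that some
# FORWARD ACCEPT rule names it with -d. Exit 1 if any target is unmatched.
# Deliberately narrow: a blanket "-A FORWARD -i ppp0 -j ACCEPT" would be
# reported as missing even though it works.
check_forward_for_dnat() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /-j DNAT/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "--to-destination") { split($(i + 1), d, ":") }
            }
            targets[d[1]] = $0
        }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "-d") { sub("/32$", "", $(i + 1)); fwd[$(i + 1)] = 1 }
            }
        }
        END {
            bad = 0
            for (t in targets) {
                if (t in fwd) { print "ok      DNAT to " t " is accepted in FORWARD" }
                else { print "MISSING DNAT to " t " but no FORWARD rule accepts it"; bad = 1 }
            }
            exit bad
        }'
}

# Constructed iptables-save dumps: the state from post #1 (DNAT present, FORWARD
# policy DROP with no rules) and the state after post #2's fix.
SAMPLE_BROKEN='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.101:80
-A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

SAMPLE_FIXED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.101:80
-A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.0.101/32 -i ppp0 -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Demo: print the rule set, then run the check against both constructed dumps.
port_forward_rules "$WAN_IF" "$LAN_NET" "$WEB_HOST" "$WEB_PORT"
echo "--- broken dump:"; printf '%s\n' "$SAMPLE_BROKEN" | check_forward_for_dnat || true
echo "--- fixed dump:";  printf '%s\n' "$SAMPLE_FIXED"  | check_forward_for_dnat || true
```

On a live firewall, `iptables-save | check_forward_for_dnat` gives the same answer the hung browser did, in one line. The FORWARD rule here is tighter than post #2's (`-i ppp0` and `--ctstate NEW`), so only the forwarded port from the ISP side reaches the web host and nothing else gets through the DROP policy by accident.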
 