yes i did, but now i tested my own iptables script i posted and it worked same as that one. but still i cant access http from internet on my server

http://zlitrox.ath.cx

hmm but then i try to ftp from the http server to an external ftp site i came to my own ftp site on 192.168.0.3

Sorry, due to rapid updating I missed the fact that you'd posted your script...

I think the -i eth1 is your problem - incoming packets that should be forwarded to the FTP server (i.e internet packets) will arrive via eth0. This is why your local FTP packets end up at your server instead of the correct site. Try changing that and the HTTP line to -i eth0 instead, and rerun the script.

i tried to change to eth0 but im yet connecting to my own ftp site then connecting to another external on internet. Then trying to access http server from internet doesn't either work.

now i see that, then i connect to an external ftp from my computer that routes traffic it works but not from windows computer or http server.

it must be something wrong in my script but i cant understand what it is.

Looks at least like your http server is visible (?)

hmm, what do you mean that it is visible? i cant connect to that one from internet (http://zlitrox.ath.cx)

ahh you can connect to it?

thanks for the help, it is like this. My router is right, but its only in local network i cant access http://zlitrox.ath.cx but i can surf on http://192.168.0.2 or add it in /etc/hosts that 192.168.0.2 = zlitrox.ath.cx

THANKS FOR YOUR HELP! sorry for being an dumb ass

Yeah, that happens a lot - the router currently has the IP for zlitrox.ath.cx, and it has a web server for you to configure it, so it takes any port 80 packets to that IP (that come from the internal network) to be meant for itself. From outside, the web and ftp servers are working

Are you able to ftp outwards ok now?

Oh, and no-one is born with knowledge - we are all dumbasses at one point

hehe, yes i can ftp from my router and out, but if i ftp from another computer i will come to my routers ftp server.

isnt that wierd?

That seems very unusual... paste your current firewall script up if you like, maybe we can see the problem. Otherwise, if you're not worried about it staying like that, good luck for the future

echo 1 > /proc/sys/net/ipv4/ip_forward

# by default, nothing is forwarded.
iptables -P FORWARD DROP

# Allow all connections OUT and only related ones IN
#iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

# enable MASQUERADING
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Open ports on router for server/services
iptables -A INPUT -j ACCEPT -p tcp --dport 21
iptables -A INPUT -j ACCEPT -p tcp --dport 80

# FTP, Port 21 Forwarded to FireWall
iptables -A FORWARD -j ACCEPT -p tcp --dport 21
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.0.3:21

# HTTP, Port 80 Forwarded to FireWall
iptables -A FORWARD -j ACCEPT -p tcp --dport 80
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.2:80

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.0.3:21

This line says "packets coming in on port 21 from eth1 should be sent to 192.168.0.3". Since eth1 is the connection to your local ethernet, your FTP packets are getting redirected to your own FTP service - I think you need to change -i eth1 to -i eth0. Same for the matching port 80 line... change them both and see if that fixes the problem. Let me know if you want me to test the external connection to HTTP as well.

i tried to change to eth1 but still didnt work.

i tried to comment out:
#iptables -A INPUT -j ACCEPT -p tcp --dport 21

# FTP, Port 21 Forwarded to FireWall
#iptables -A FORWARD -j ACCEPT -p tcp --dport 21
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to 192.168.0.3:21

but still didnt work...