iptables not routing internal network
I am trying to set up a web server which would face the outside but also the internal network and work as a router for the internal network at the same time. The NAT and server from the outside work fine, but I cannot access the web server from the internal network (addresses 192.168.1.0/24). The server lan interface is 192.168.1.1. I cannot find the problem. I tried to set up iptables logging but did not find anything useful. Bearing in mind that I am a linux newbie, can you spot any problem in my iptables script? Much appreciated.
===================Here is the script I invoke to start iptables.
#iptables firewall script for sharing
#broadband Internet, with no public services
# Flush all active rules and delete all custom chains
$ipt -t nat -F
$ipt -t mangle -F
$ipt -t nat -X
$ipt -t mangle -X
#basic set of kernel modules
#Set default policies
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
$ipt -t nat -P OUTPUT ACCEPT
$ipt -t nat -P PREROUTING ACCEPT
$ipt -t nat -P POSTROUTING ACCEPT
$ipt -t mangle -P PREROUTING ACCEPT
$ipt -t mangle -P POSTROUTING ACCEPT
#this line is necessary for the loopback interface
#and internal socket-based services to work correctly
$ipt -A INPUT -i lo -j ACCEPT
#Enable IP masquerading
$ipt -t nat -A POSTROUTING -o $WAN_IFACE -j SNAT --to-source "ext.IP"
#Enable unrestricted outgoing traffic, incoming
#is restricted to locally-initiated sessions only
$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ipt -A FORWARD -i $WAN_IFACE -o $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$ipt -A FORWARD -i $LAN_IFACE -o $WAN_IFACE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#Reject connection attempts not initiated from inside the LAN
$ipt -A INPUT -p tcp --syn -j DROP
Well, from what I can see, I think you might be missing a rule to allow a connection from within the LAN to connect to the interface that is in the LAN on your webserver/router. Something to the effect of:
HTH. Let us know.
Yes, your suggestion made the difference. Lovely :-)
Don't forget to add [SOLVED] to the title of your initial post. :)
Have a great one!
|All times are GMT -5. The time now is 01:17 AM.|