LinuxQuestions.org
Old 12-28-2007, 07:07 AM   #1
livetoday
Member
 
Registered: Jun 2006
Location: India
Distribution: RHEL,Suse,Fedora
Posts: 106

Rep: Reputation: 15
IPtables: Can not access web server from outside the firewall


I have one test web server that has a public (x.x.x.195) and private ip (172.25.20.9).

Now I want to do natting in iptables, so I disabled the public ip and tried to do it using the following entries in /etc/sysconfig/iptables.

:PREROUTING ACCEPT [138:27825]
:POSTROUTING ACCEPT [3:238]
:OUTPUT ACCEPT [1:84]
-A PREROUTING -d X.X.X.195 -i eth0 -j DNAT --to-destination 172.25.20.9
-A POSTROUTING -s 172.25.20.9 -o eth1 -j SNAT --to-source X.X.X.195
COMMIT
# Completed on Fri Dec 28 18:16:13 2007
# Generated by iptables-save v1.2.11 on Fri Dec 28 18:16:13 2007
*filter
:INPUT ACCEPT [330:35182]
:FORWARD ACCEPT [2:168]
:OUTPUT ACCEPT [31:3332]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m

However, I am not able to ping the public ip and am getting a destination host unreachable error. I cannot access the web server using a web browser. The browser gives the error "server refused the connection".

Kindly let me know what I need to change in iptables.
 
Old 12-28-2007, 09:12 AM   #2
TylerD75
Member
 
Registered: Aug 2004
Location: Norway
Distribution: Gentoo
Posts: 94

Rep: Reputation: 17
Hmm, not quite sure what you're trying to do?

First off, I recommend you either run iptables commands from the command-line, or use a bash script to run the commands for you.

You're editing the iptables-save file, which is NOT the way to do it...

And when it comes to the forwarding you're trying to set up, why? Why are you forwarding requests from the external interface to the internal?
This looks very strange, especially when you can set up apache (and probably ALL other webservers) to use both internal and external IPs.

And: If you disable the external IP, is it really a mystery why you can't ping it? Or did I misunderstand?

Hope this helps? If not, I suggest you describe the problem a little bit. What are you trying to do? Do you have a vhost on the internal IP that you want to have working on the external ip?

I get the feeling this is an apache config problem, not iptables?
 
Old 12-31-2007, 04:40 AM   #3
livetoday
Member
 
Registered: Jun 2006
Location: India
Distribution: RHEL,Suse,Fedora
Posts: 106

Original Poster
Rep: Reputation: 15
Thanks for the response... here is a simplified version of my problem.

I have installed a web server on 172.25.20.9 and I want it to be accessible from outside the firewall.

I want each request to come to the firewall server, and the firewall server should forward it to the internal web server (172.25.20.9).

The firewall server's external ip is x.x.x.195 and the interface is eth0.
Its internal ip is 172.25.20.7 and it is able to ping 172.25.20.9.


I have set the default policy of each chain to ACCEPT and also added the following rule.

iptables -t nat -A PREROUTING -i eth0 -d x.x.x.195 -p tcp --dport 80 -j DNAT --to-destination 172.25.20.9

iptables -t filter -L output is:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Still getting the error "connection refused"... what other rules do I need to add?
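
An added example, not part of the thread or any poster's code: a POSIX shell audit that reads `iptables-save` output and flags DNAT rules with no protocol or port restriction, comparing the rule from the first post with the port-80 rule from the last one. The dump is constructed from the rules quoted in the thread; 203.0.113.195 is a documentation address standing in for the masked x.x.x.195, and `sample_dump` and `audit_dnat` are hypothetical names.

```sh
#!/bin/sh
# Added example: flag over-broad DNAT rules in iptables-save output.

# Constructed sample: the two DNAT rules quoted in the thread, in
# iptables-save form. 203.0.113.195 replaces the masked x.x.x.195.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 203.0.113.195 -i eth0 -j DNAT --to-destination 172.25.20.9
-A PREROUTING -d 203.0.113.195 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.25.20.9
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Reads a dump on stdin and prints one finding per line.
audit_dnat() {
  awk '
    /^\*/ { table = substr($1, 2); next }        # table header: *nat, *filter
    table == "filter" && /^:FORWARD / { fwd_policy = $2 }
    table == "nat" && /^-A PREROUTING / && / -j DNAT / {
      proto = "any"; port = "any"; dest = "?"
      for (i = 1; i < NF; i++) {
        if ($i == "-p")               proto = $(i + 1)
        if ($i == "--dport")          port  = $(i + 1)
        if ($i == "--to-destination") dest  = $(i + 1)
      }
      # A rule with no protocol or port match exposes every service on dest.
      status = (proto == "any" || port == "any") ? "BROAD" : "OK"
      printf "%s DNAT to %s proto=%s dport=%s\n", status, dest, proto, port
    }
    END { if (fwd_policy == "ACCEPT") print "WARN FORWARD default policy is ACCEPT" }
  '
}

sample_dump | audit_dnat
```

On a live firewall the same function can read the running ruleset with `iptables-save | audit_dnat`, run as root.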
 
  


All times are GMT -5.