I finally have the port forwarding and masquerading working, so my other computers can access the internet through my Linux box. However, I also want to run a web server on the same computer. It's not working: Apache serves web pages when I connect using computers within the network, but when I go outside the network, it doesn't work. I thought it had something to do with the internet connection sharing, but I flushed all the iptables rules, set ip_forward to "0," killed dhcpd and named, and I still cannot connect to the server from outside the network.

I have one iptables rule: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE.

I'm pretty sure my ISP isn't blocking port 80, because when I kill apache, I get an error almost immediately; when I have apache running, my browser tries to connect for a while before outputting an error.

Ideas? Solutions?

Thanks in advance.

and your using a service like dyndns to access outside your network?

Aye. I actually use www.no-ip.com, but they're similar enough.

ok, let's look for tcp traffic on port 80 on the box with tcpdum por wireshark... eth0 is your external nic? so run "tcpdump -n port 80 -i eth0" to show traffic there. if you never even see a syn to the box from the remote client it's not the machine's fault... things like transparent proxies could easily fudge this up if they aren't configured right...

I see several packets heading for my computer from outside when I run that, and I also see packets heading from my internal IP back out. I'll assume this means it has something to do with my computer? Apache's configuration is the configuration that came with Slackware. I haven't changed anything yet.

well it's hard to comment too much without seeing the traffic captures, but that would suggest that it's likely to be apache itself. anything in the apache access log file? if you open that capture in wireshark then you'll be able to easily see the http conversation if it exists.

When I run wireshark on the interface and try to access my website externally, I get a bunch of TCP "Retransmission"s and TCP "Dup Ack"s. I just installed wireshark, so I'm still trying to figure out how I am to copy the traffic captures into this li'l post box.

Edit: I just tried pinging retypepassword.myftp.org (no-ip.com name), and I get replies from my external IP address, so no-ip.com is probably doing what it says it does.

I just tested my site through a proxy server, and it works. Apparently, I can't access my server from anywhere inside my network unless I use the internal IP address of my computer; this is rather odd.

oh right, you never tried it remotely????? ugh.

yes of course you can't reach it internally as the ip you connect to is on a different device, and a port forward only fowrard from the external side of the interface, not the inside, so you shouldn't be able to reach it ever.