I'm having this problem with iptables:
I have a firewall (linux) connected to the internet. It's my lan's (few computers) gateway.
I have set up a web server in one of my LAN's computers. I want internet requests coming to port 9000 of my gateway to be forwarded to my internal web server (port 8888) so it can handle the requests (I'm kind of freaky.... that's why I use these ports :P).
I added one rule to PREROUTING to achieve this:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 9000 -j DNAT --to-destination webserver:8888
In FORWARD, there's no rule... the policy is ACCEPT.
I added one restriction to the MASQUERADE rule of POSTROUTING so that these packets (the ones I'm talking about in the problem) don't get masqueraded (I thought this was the problem... but it seems it wasn't). POSTROUTING policy is ACCEPT as well.
I have checked that the packets arriving at port 9000 are being accounted for in iptables' rule counter (iptables -L -v).
At the web browser, I get a connection refused message. At first, I thought the traffic was having a problem because of it being masqueraded after hitting the firewall... but as I told you, that wasn't the problem, because I'm only masquerading traffic from the LAN itself.
I have noticed that NO TRAFFIC is being forwarded to the web server. No request is left in the internal server's log. No traffic is incoming from the gateway (to the internal web server).
What can be the problem?
I'd appreciate any help.
Thanks!