Right, before I start, I really must emphasise the fact that I really am a Linux newbie. About as new as you can get :P
I was running a Windows 2K box as my server/gateway, but have since decided to move to Linux. I have a comprehensive website written in ColdFusion on the 2K box, but don't have the Linux version of CF at the moment, and would like to keep my website up online until I have moved it into PHP or got a Linux version of CF... whatever.
I've been told that I can set my Linux box up to "bounce" requests on port 80 to my 2K machine and thus return the web pages to browsers "invisibly" by either using Apache or iptables, so I've been looking into the latter. I've come across loads of posts about this sort of thing (i.e. /questions/showthread.php?s=&forumid=3&threadid=161490), and have tried implementing them, but I am getting "Connection refused" errors in my browser, and I can't work out where the problem is lying, and was hoping someone could look at this lot and tell me where I'm going wrong...
Some background:
192.168.143.87 = Win2K box.
80.1.240.91 = new Fedora installed box, with Apache running on port 81
eth0 = external interface
eth1 = local network
I really don't know what is useful to anyone, so I've just dumped the whole lot.... Sorry
iptables -t nat -L
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:http to:192.168.143.87:80
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.143.0/24 anywhere
MASQUERADE all -- 192.168.85.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -L
Code:
Chain INPUT (policy DROP)
target prot opt source destination
INETIN all -- anywhere anywhere
ACCEPT all -- 192.168.143.0/24 anywhere
ACCEPT all -- 192.168.85.0/24 anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
INETIN all -- anywhere anywhere
INETIN all -- anywhere anywhere
INETOUT all -- anywhere anywhere
INETOUT all -- anywhere anywhere
ACCEPT all -- 192.168.143.0/24 anywhere
ACCEPT all -- 192.168.85.0/24 anywhere
ACCEPT tcp -- anywhere 192.168.143.87 tcp dpt:http
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
INETOUT all -- anywhere anywhere
Chain DMZIN (0 references)
target prot opt source destination
Chain DMZOUT (0 references)
target prot opt source destination
Chain INETIN (3 references)
target prot opt source destination
TREJECT all -- anywhere anywhere state INVALID
TREJECT icmp -- anywhere anywhere icmp redirect
TREJECT icmp -- anywhere anywhere icmp router-advertisement
TREJECT icmp -- anywhere anywhere icmp router-solicitation
TREJECT icmp -- anywhere anywhere icmp type 15
TREJECT icmp -- anywhere anywhere icmp type 16
TREJECT icmp -- anywhere anywhere icmp address-mask-request
TREJECT icmp -- anywhere anywhere icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
TREJECT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp !echo-request
TCPACCEPT tcp -- anywhere anywhere tcp dpt:ssh
UDPACCEPT udp -- anywhere anywhere udp dpt:bootpc
UDPACCEPT udp -- anywhere anywhere udp dpt:6112
UDPACCEPT udp -- anywhere anywhere udp dpt:6119
UDPACCEPT udp -- anywhere anywhere udp dpt:4000
ACCEPT all -- anywhere anywhere state ESTABLISHED
TCPACCEPT tcp -- anywhere anywhere tcp dpts:1024:65535 state RELATED
UDPACCEPT udp -- anywhere anywhere udp dpts:1024:65535 state RELATED
TREJECT all -- anywhere anywhere
Chain INETOUT (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain LDROP (0 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `TCP Dropped '
LOG udp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `UDP Dropped '
LOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `ICMP Dropped '
LOG all -f anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `FRAGMENT Dropped '
DROP all -- anywhere anywhere
Chain LREJECT (0 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `TCP Rejected '
LOG udp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `UDP Rejected '
LOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `ICMP Rejected '
LOG all -f anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `FRAGMENT Rejected '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LTREJECT (0 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `TCP Rejected '
LOG udp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `UDP Rejected '
LOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 LOG level info prefix `ICMP Rejected '
LOG all -f anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `FRAGMENT Rejected '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain PREROUTING (0 references)
target prot opt source destination
Chain TCPACCEPT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 20/sec burst 5
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 2/sec burst 5 LOG level warning prefix `Possible SynFlood '
TREJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `Mismatch in TCPACCEPT '
TREJECT all -- anywhere anywhere
Chain TREJECT (13 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain UDPACCEPT (5 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 2/sec burst 5 LOG level warning prefix `Mismatch on UDPACCEPT '
TREJECT all -- anywhere anywhere
Chain ULDROP (0 references)
target prot opt source destination
ULOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_TCP' queue_threshold 1
ULOG udp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_UDP' queue_threshold 1
ULOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_ICMP' queue_threshold 1
ULOG all -f anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LDROP_FRAG' queue_threshold 1
DROP all -- anywhere anywhere
Chain ULREJECT (0 references)
target prot opt source destination
ULOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_TCP' queue_threshold 1
ULOG udp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_UDP' queue_threshold 1
ULOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_UDP' queue_threshold 1
ULOG all -f anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LREJECT_FRAG' queue_threshold 1
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain ULTREJECT (0 references)
target prot opt source destination
ULOG tcp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_TCP' queue_threshold 1
ULOG udp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_UDP' queue_threshold 1
ULOG icmp -- anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_ICMP' queue_threshold 1
ULOG all -f anywhere anywhere limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix `LTREJECT_FRAG' queue_threshold 1
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
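An added example (not from the original post) that walks the FORWARD chain dumped above rule by rule, the way the kernel does: first match wins, and a user chain that runs out of rules returns to its caller. It traces a new inbound SYN that PREROUTING has already DNATed to 192.168.143.87:80 through FORWARD -> INETIN, then repeats the walk with the port-80 ACCEPT inserted ahead of the INETIN jump. Assumptions: the chains are transcribed and simplified (ICMP/UDP rules, rate limits and the duplicate interface-specific INETIN/INETOUT jumps are left out) and the packet's conntrack state is NEW.

```python
# Constructed model of the FORWARD/INETIN/TREJECT chains from the post,
# simplified to the rules a TCP packet can hit. Not the poster's script.
# A rule is (proto, dst, dport, ctstate, target); None means "any";
# dport may be an int or an inclusive (low, high) range.
CHAINS = {
    "FORWARD": [("all", None, None, None, "INETIN"),
                ("all", None, None, None, "INETOUT"),
                ("tcp", "192.168.143.87", 80, None, "ACCEPT")],
    "INETIN": [("all", None, None, "INVALID", "TREJECT"),
               ("tcp", None, 22, None, "TCPACCEPT"),  # dpt:ssh
               ("all", None, None, "ESTABLISHED", "ACCEPT"),
               ("tcp", None, (1024, 65535), "RELATED", "TCPACCEPT"),
               ("all", None, None, None, "TREJECT")],  # catch-all
    "INETOUT": [("all", None, None, None, "ACCEPT")],
    "TCPACCEPT": [("tcp", None, None, None, "ACCEPT")],  # a plain SYN passes
    "TREJECT": [("tcp", None, None, None, "REJECT tcp-reset")],
}
TERMINAL = {"ACCEPT", "DROP", "REJECT tcp-reset"}

def matches(rule, pkt):
    proto, dst, dport, state, _ = rule
    lo, hi = dport if isinstance(dport, tuple) else (dport, dport)
    return ((proto == "all" or proto == pkt["proto"])
            and (dst is None or dst == pkt["dst"])
            and (dport is None or lo <= pkt["dport"] <= hi)
            and (state is None or state == pkt["state"]))

def walk(chain, pkt, chains=CHAINS):
    """Return the first terminal verdict, following jumps like the kernel.
    A user chain that reaches its end returns None to the calling chain."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule[-1]
        if target in TERMINAL:
            return target
        verdict = walk(target, pkt, chains)
        if verdict is not None:
            return verdict
    return None  # end of chain: caller continues, or the builtin policy applies

def with_accept_first():
    """Same rule set with the port-80 ACCEPT moved above the INETIN jump."""
    c = dict(CHAINS)
    c["FORWARD"] = [CHAINS["FORWARD"][2]] + CHAINS["FORWARD"][:2]
    return c

# Constructed packet: the DNATed SYN as FORWARD sees it.
NEW_SYN = {"proto": "tcp", "dst": "192.168.143.87", "dport": 80, "state": "NEW"}
```

With the rules in the posted order the walk ends in TREJECT's tcp-reset, which a browser reports as "Connection refused", before the final port-80 ACCEPT is ever consulted; with the ACCEPT first it ends in ACCEPT. On the real box, `iptables -L FORWARD -v -n --line-numbers` shows per-rule packet counters, so the rule that actually takes the hit can be confirmed rather than guessed.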