Webiste down, need some advice

echo_max · 11-13-2007, 09:12 PM

Hello all,

I've got a linux route running iptables. i thought i had it functioning correctly, forwarding the necessary ports for http, ssh and ftp to another box. Evidently my website isn't accessible (neither are any of these other services). I'm not sure whats hanging up the connection in iptables. Below is the commands i pass to iptables to enable port forwarding and forward the ports. I would appreciate it greatly if someone could point out my mistake:

Code:

IPTABLES=/sbin/iptables
ROOTERLAN=eth0
ROOTERWAN=eth1
VEGALANIP=10.6.1.10
ROOTERLANIP=10.6.1.1
LANNET=10.6.1.0/24

...flush tables and set policies...


$IPTABLES -A INPUT -p tcp --dport http -i $ROOTERWAN -j ACCEPT
$IPTABLES -A POSTROUTING -t nat -s $LANNET -o $ROOTERWAN -j MASQUERADE
$IPTABLES -A FORWARD -i $ROOTERWAN -j ACCEPT
$IPTABLES -A FORWARD -p tcp -s $VEGALANIP -i $ROOTERLAN -o $ROOTERWAN -j ACCEPT

#forward http
$IPTABLES -A PREROUTING -t nat -i $ROOTERWAN -p tcp --dport 80 -j DNAT --to $VEGALANIP:80
$IPTABLES -A FORWARD -p tcp --dport 80 -i $ROOTERWAN -d $VEGALANIP -j ACCEPT

Thanks in advance.

comprookie2000 · 11-14-2007, 04:18 PM

does this say 1
cat /proc/sys/net/ipv4/ip_forward

Code:

some examples ...
# export LAN=eth0
# export WAN=eth1

Forward port 2 to ssh on an internal host
# iptables -t nat -A PREROUTING -p tcp --dport 2 -i ${WAN} -j DNAT --to 192.168.0.2:22

FTP forwarding to an internal host
# iptables -t nat -A PREROUTING -p tcp --dport 21 -i ${WAN} -j DNAT --to 192.168.0.56

HTTP forwarding to an internal host
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i ${WAN} -j DNAT --to 192.168.0.56

from the gentoo docs

echo_max · 11-18-2007, 04:46 PM

The problem is fixed. Turns out my DynDNS account was expired! a recreated the account and everything is dandy.