Old 12-28-2007, 08:07 AM   #1
Registered: Jun 2006
Location: India
Distribution: RHEL,Suse,Fedora
Posts: 106

Rep: Reputation: 15
IPtables: Can not access web server from outside the firewall

I have one test web server that has a public (x.x.x.195) and private IP (

Now I want to do natting in iptables, so I disabled the public IP and tried to do it using the following entries in /etc/sysconfig/iptables.

-A PREROUTING -d X.X.X.195 -i eth0 -j DNAT --to-destination
-A POSTROUTING -s -o eth1 -j SNAT --to-source X.X.X.195
# Completed on Fri Dec 28 18:16:13 2007
# Generated by iptables-save v1.2.11 on Fri Dec 28 18:16:13 2007
:INPUT ACCEPT [330:35182]
:OUTPUT ACCEPT [31:3332]
-A FORWARD -i eth0 -o eth1 -p tcp -m

However, I am not able to ping the public IP and am getting a "destination host unreachable" error. I cannot access the web server using a web browser; the browser gives the error "server refused the connection".

Kindly let me know what I need to change in iptables.
Old 12-28-2007, 10:12 AM   #2
Registered: Aug 2004
Location: Norway
Distribution: Gentoo
Posts: 96

Rep: Reputation: 18
Hmm, not quite sure what you're trying to do?

First off, I recommend you either run iptables commands from the command-line, or use a bash script to run the commands for you.

You're editing the iptables-save file, which is NOT the way to do it...

And when it comes to the forwarding you're trying to set up, why? Why are you forwarding requests from the external interface to the internal?
This looks very strange, especially when you can set up Apache (and probably ALL other web servers) to use both internal and external IPs.

And: If you disable the external IP, is it really a mystery why you can't ping it? Or did I misunderstand?

Hope this helps? If not, I suggest you describe the problem a little bit. What are you trying to do? Do you have a vhost on the internal IP that you want to have working on the external ip?

I get the feeling this is an Apache config problem, not iptables?
Old 12-31-2007, 05:40 AM   #3
Registered: Jun 2006
Location: India
Distribution: RHEL,Suse,Fedora
Posts: 106

Original Poster
Rep: Reputation: 15
Thanks for the is simplified version of my problem..

I have installed web server on and I want it to be accessible from outside firewall.

I want each request to come to firewall server and the firewall server should forward it to the internal web server (

Firewall server external ip is x.x.x.195 and the interface is eth0.
internal ip is and able to ping

I have set the default policy of each chain to ACCEPT and also added the following rule.

iptables -t nat -A PREROUTING -i eth0 -d x.x.x.195 -p tcp --dport 80 -j DNAT --to-destination

iptables -t filter -L output is:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Still getting the error "connection refused"... what other rules do I need to add?
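
Added example, not part of the thread: a shell check in the spirit of the bash-script advice in reply #2, which reads an iptables-save dump and reports which of the three pieces a DNAT port-forward needs are missing (a PREROUTING DNAT rule with a real --to-destination value, a FORWARD path to the internal host, and net.ipv4.ip_forward set to 1). The function names are hypothetical, and 203.0.113.195 and 192.168.10.20 are constructed placeholders standing in for the firewall's public address and the internal web server, which the thread does not give.

```shell
# Added example: static check of an iptables-save dump for a DNAT port-forward.
# All addresses below are constructed placeholders, not values from the thread.
SAMPLE='*nat
-A PREROUTING -d 203.0.113.195 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.10.20:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.168.10.20 -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'
# Print the host part of --to-destination for PUBLIC_IP:PORT, or nothing.
find_dnat_target() {  # args: DUMP PUBLIC_IP PORT
  printf '%s\n' "$1" | awk -v pub="$2" -v port="$3" '
    $1 == "-A" && $2 == "PREROUTING" {
      d = p = j = t = ""
      for (i = 3; i < NF; i++) {   # i < NF: an option with no value is skipped
        if ($i == "-d") d = $(i + 1)
        if ($i == "--dport") p = $(i + 1)
        if ($i == "-j") j = $(i + 1)
        if ($i == "--to-destination") t = $(i + 1)
      }
      sub(/\/32$/, "", d); sub(/:.*/, "", t)
      if (j == "DNAT" && d == pub && p == port && t != "") { print t; exit }
    }'
}
# Heuristic: FORWARD policy is ACCEPT, or an ACCEPT rule names the port (and DST if set).
forward_rule_present() {  # args: DUMP DST PORT
  printf '%s\n' "$1" | awk -v dst="$2" -v port="$3" '
    /^:FORWARD ACCEPT/ { ok = 1 }
    $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT/ {
      d = p = ""
      for (i = 3; i < NF; i++) { if ($i == "-d") d = $(i + 1); if ($i == "--dport") p = $(i + 1) }
      sub(/\/32$/, "", d)
      if ((d == "" || d == dst) && p == port) ok = 1
    }
    END { exit !ok }'
}
# Report each missing piece; status 0 only when all three are present.
check_dnat() (  # args: DUMP PUBLIC_IP PORT IP_FORWARD_VALUE
  rc=0; target=$(find_dnat_target "$1" "$2" "$3")
  if [ -z "$target" ]; then
    echo "MISSING: PREROUTING DNAT rule for $2:$3 with a --to-destination value"; rc=1
  elif ! forward_rule_present "$1" "$target" "$3"; then
    echo "MISSING: FORWARD does not accept traffic to $target:$3"; rc=1
  fi
  [ "$4" = 1 ] || { echo "MISSING: net.ipv4.ip_forward is '$4', not 1"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: $2:$3 -> $target:$3"; exit "$rc"
)
check_dnat "$SAMPLE" 203.0.113.195 80 1
```

On a live firewall, run as root, the first argument would be the output of iptables-save and the last the contents of /proc/sys/net/ipv4/ip_forward. The FORWARD check is a heuristic over rule text and does not evaluate rule order or state matches.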


All times are GMT -5. The time now is 05:12 PM.