Re: Strange PORTFORWARDING problem
From: /dev/rob0 (rob0@gmx.co.uk)
Date: 11/19/02
- Next message: ohluin@safd0832.com: "ATTRACT HOT SEXY WOMEN EASY WITH PHEROMONES (READ MORE) fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 7485 [1/2]"
- Previous message: dfitho@safd0832.com: "Police Forensic & Evidence Elimination programs jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjujjjjjjjjjjjjjjjjjjjj 6275 [768/2]"
- In reply to: Circles: "Strange PORTFORWARDING problem"
- Next in thread: Phil: "Re: Strange PORTFORWARDING problem"
- Reply: Phil: "Re: Strange PORTFORWARDING problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: /dev/rob0 <rob0@gmx.co.uk> Date: Mon, 18 Nov 2002 17:48:16 -0800
In article <3dd8a00b$0$46614$e4fe514c@news.xs4all.nl>, Circles wrote:
> I have a webserver running on port 80 behind a firewall,
> I am using the following iptables forwarding rules to access the webserver.
As was pointed out, machines behind the firewall can converse directly
without going through the firewall (default gateway.) That's why this
isn't working as you expected.
> the strange thing is that the webserver is only accessable from outside
> of the firewall and not from any workstation inside the firewall.
>
> does anyone know wh ostis happening?
Internal machines can get to it via http://192.168.0.2/ -- right?
> $path_iptables -t nat -A PREROUTING -p tcp -i ppp+ -d xxx.xx.x.xxx --dport
> 80 -j DNAT --to 192.168.0.2:80
Packets on PPP interfaces destined for your external IP (it's in your
NNTP headers, so there's little point in masking it out here :) port
80/tcp will be forwarded to 192.168.0.2:80. If an internal machine asks
for http://your.external.IP.address/, that request won't be handled by
that rule, because the packet arrived on the local interface.
> $path_iptables -A FORWARD -p tcp -i $ext_if -o $local_if -d
> 192.168.0.2 --dport 80 -m state --state NEW -j ACCEPT
Accept all NEW state packets in the FORWARD chain coming in on the
external interface and going out on the local interface, if their
destination is 192.168.0.2:80. Still doesn't cover anything coming
through the local interface destined for the external IP.
-- /dev/rob0 - preferred_email=i$((28*28+28))@softhome.net or put "not-spam" or "/dev/rob0" in Subject header to reply
- Next message: ohluin@safd0832.com: "ATTRACT HOT SEXY WOMEN EASY WITH PHEROMONES (READ MORE) fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff 7485 [1/2]"
- Previous message: dfitho@safd0832.com: "Police Forensic & Evidence Elimination programs jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjujjjjjjjjjjjjjjjjjjjj 6275 [768/2]"
- In reply to: Circles: "Strange PORTFORWARDING problem"
- Next in thread: Phil: "Re: Strange PORTFORWARDING problem"
- Reply: Phil: "Re: Strange PORTFORWARDING problem"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
