RE: IP forwarding on port 80

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



OK, more info. My belief is that the packets are not being DNAT’d properly. I added this to that chain:

 

-A PREROUTING -j LOG --log-prefix "test" --log-level 7

 

And was able to log all the incoming HTTP packets. I then added these two:

 

-A FORWARD -p tcp -m tcp --dport 80 -j LOG --log-prefix "test" --log-level 7

-A OUTPUT -p tcp -m tcp --dport 80 -j LOG --log-prefix "test" --log-level 7

 

A properly DNAT’d packet should pass through FORWARD and then OUTPUT, but I found nothing in the log. Is it possible that the DNAT module isn’t loaded?

 

I’ve done tcpdump and the firewall definitely always receives the internet-incoming message and the web server never receives it.

 

Any clues?

 

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of George Vieira
Sent: Thursday, June 12, 2003 5:18 PM
To: Kent Wang; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: IP forwarding on port 80

 

What debugging have you done? tcpdump, iptables logging, anything?

 

Does your web server have a default gateway of the firewall?

Thanks,

 

____________________________________________

George Vieira
Citadel Computer Systems Pty Ltd   Systems Manager   georgev AT citadelcomputer DOT com DOT au  

Citadel Computer Systems Pty Ltd

Phone : +61 2 9955 2644   HelpDesk: +61 2 9955 2698   http://www.citadelcomputer.com.au

 


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux