Hello and good morning! I am having a heck of a time. I spent all day trying to figure out why my iptables script isn't working on my new firewall machine.

Old box (WORKING): Slackware 8.1 - iptables 1.2.6a
New box (NOT WORKING): Gentoo - iptables 1.2.8

I did check the Gentoo kernel and it has everything the Slackware box has. Plus I've read the documentation and I've done this for a while. I did re-compile iptables to conform with the new kernel on Gentoo.

For some reason httpd is filtered on the Gentoo box and open on the Slackware box. I even tried using webmin to set up everything identical but no go. Yes, apache is bound to the internal IP. I can reach apache from any internal machine.

All I want to do is keep my apache box on the local network and forward the requests from the firewall to my internal apache server. The firewall is also the gateway for internet access for the local workstations.

Apache = 192.168.1.1
Firewall - external IP = 209.145.93.99

My current rc.firewall script works on Slack but not Gentoo (1.2.6a not 1.2.8 of iptables):

#!/bin/sh

# now to flush/clear out the iptables first
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter

# enable IPv4 forwarding and load the connection-tracking modules
echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
modprobe ip_conntrack
modprobe ip_conntrack_ftp

# source NAT for traffic leaving through the external interface
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to 209.145.93.99

# destination NAT for inbound HTTP, plus the matching FORWARD rule
echo " Forwarding http traffic to Gadaffi.solarplex.org "
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 209.145.93.99 --dport 80 -j DNAT --to-destination 192.168.1.1:80
iptables -A FORWARD -p tcp -i eth1 -d 192.168.1.1 --dport 80 -j ACCEPT

# now to list the iptables
iptables -L -t nat
iptables -L
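
The script as posted expands `$EXTIF` in its SNAT rule but never assigns it. The following is an added example, not part of the original post: a pre-flight check that lists every variable a firewall script expands without assigning, so a rule is not loaded with an empty interface name. The names `unset_vars` and `sample_rules` are hypothetical, and the sample input is constructed from three of the posted rules.

```sh
#!/bin/sh
# Added example (not from the original post): report variables that a
# firewall script expands ($NAME or ${NAME}) but never assigns (NAME=...).
# Variables expected from the environment are reported too; review those by hand.

# unset_vars FILE -> prints one unassigned variable name per line
unset_vars() {
    script=$1
    # Ignore whole-line comments so commented-out rules are not scanned.
    body=$(grep -v '^[[:space:]]*#' "$script" || true)
    # Names assigned at the start of a line, optionally after "export".
    assigned=$(printf '%s\n' "$body" |
        sed -nE 's/^[[:space:]]*(export[[:space:]]+)?([A-Za-z_][A-Za-z0-9_]*)=.*/\2/p' |
        sort -u)
    # Names that are expanded anywhere in the remaining lines.
    used=$(printf '%s\n' "$body" |
        grep -oE '\$\{?[A-Za-z_][A-Za-z0-9_]*' |
        sed -E 's/^\$\{?//' |
        sort -u)
    for name in $used; do
        printf '%s\n' "$assigned" | grep -qx "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample: three rules copied from the posted rc.firewall.
sample_rules() {
    cat <<'EOF'
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to 209.145.93.99
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 209.145.93.99 --dport 80 -j DNAT --to-destination 192.168.1.1:80
EOF
}

# Stand-alone run: write the sample to a temp file and check it.
tmp=$(mktemp)
sample_rules > "$tmp"
unset_vars "$tmp"
rm -f "$tmp"
```

Run it against the real rc.firewall before loading the rules; an empty result means every expanded variable has an assignment in the file.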