Re: Problems with prerouting

On Mon, 2003-09-29 at 17:55, Andreas Meyer wrote:
> Hi!
> 
> I could need some help with setting up a prerouting for a webserver
> on my gateway.
> 
> 
>     static-Internet-IP on eth1
>                 |
>         +----------------+
>         |                |
>         | 192.168.20.210 |
>         |    on eth0     |
>         +----------------+
>                 |
>             +-----------+
>             |           |
>        +---------+ +----------+
>        |         | |          |
>    192.168.20.60 | | 192.168.20.61
>       Squid      | |    Webserver
>        |         | |          |
>    192.168.1.75  | |          |
>        +---------+ +----------+
>            |
> 
>        +--------+
>    192.168.1.3  |
>       WKS       |
>        +--------+
> 
> I added a rule before all other forwarding and input and output
> rules:
> 
> iptables -A FORWARD -p TCP -d 192.168.20.61 --dport 8080 -j ACCEPT
> iptables -t nat -A PREROUTING -p TCP -d 192.168.20.210 --sport 1024: \
>                           --dport 80 -j DNAT --to 192.168.20.61:8080
> 
> When I contact the proxy on 192.168.20.60 from 192.168.1.3 or from within
> the DMZ at 192.168.20.60 to call 192.168.20.210, nothing happens,
> nothing in the logs.
> 
> What kind of problem do I have here? Is it possible at all to test such
> a prerouting-rule from within the DMZ or the local network?
> 
You also need a FORWARD rule to forward the return traffic from the
webserver.

You can use something like ethereal or tcpdump to trace your traffic,
then you will see where the problem is.

Also, try using iptables LOG rules.

> Thank you for listening!
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

Attachment: signature.asc
Description: This is a digitally signed message part
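
The reply's suggestions (a FORWARD rule for the webserver's return traffic, plus LOG rules to trace the flow) written out as a script; this is an added example, not part of the original message. The addresses and port come from the post; the log prefixes, the rule positions and the ESTABLISHED,RELATED state match are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the thread). Addresses and port are from the post.
GW_IP=192.168.20.210   # gateway address the DNAT rule matches on
WEB_IP=192.168.20.61   # webserver in the DMZ
WEB_PORT=8080          # DNAT target port

# Emit one iptables command per line. Rules are inserted at the top of each
# chain so an earlier DROP/REJECT cannot hide the packets being traced.
gen_rules() {
    # LOG never terminates rule traversal, so each LOG rule sits in front of
    # the rule whose traffic it traces. The nat table only sees the first
    # packet of a connection, so PRE-DNAT logs one line per new connection.
    echo "iptables -t nat -I PREROUTING 1 -p tcp -d $GW_IP --dport 80 -j LOG --log-prefix 'PRE-DNAT: '"
    echo "iptables -I FORWARD 1 -p tcp -d $WEB_IP --dport $WEB_PORT -j LOG --log-prefix 'FWD-TO-WEB: '"
    echo "iptables -I FORWARD 2 -p tcp -s $WEB_IP --sport $WEB_PORT -j LOG --log-prefix 'FWD-FROM-WEB: '"
    # Return traffic from the webserver. The state match is this example's
    # assumption: it limits the rule to replies on tracked connections.
    echo "iptables -I FORWARD 3 -p tcp -s $WEB_IP --sport $WEB_PORT -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Reading the kernel log (prefixes as defined above):
#   no PRE-DNAT line             -> the packet never matched the PREROUTING rule
#   PRE-DNAT, no FWD-TO-WEB      -> the packet was not forwarded after DNAT
#   FWD-TO-WEB, no FWD-FROM-WEB  -> the webserver's reply is not passing the gateway
# tcpdump on the DMZ interface shows the same flow on the wire:
#   tcpdump -ni eth0 host 192.168.20.61 and tcp port 8080

# Default: print the rules for review. "apply" runs them (needs root).
case "${1:-print}" in
    apply) gen_rules | sh -e ;;
    *)     gen_rules ;;
esac
```

Remove the LOG rules again once the trace is done, since they log every matching packet.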