Amendment: [DNAT] Disappearing Packets

Thus spoke Thomas Wallrafen:
> Hi all!
> 
> Sorry for asking this stupid question again, but searching the archives
> couldn't help me solve my problem :(
> 
> I'm currently setting up an IPtables firewall using DNAT to access our
> Webserver (192.168.0.42) and Masquerading to allow Internet access to
> the clients.
> 
> Packets to the firewall (137.226.171.XXX) on port 80 can pass the FORWARD-chain:
> (already DNATed...)
> Oct 10 11:47:24 wormhole kernel: IN=eth0 OUT=eth1 SRC=170.252.80.XXX
> DST=192.168.0.42 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=39702 DF PROTO=TCP
> SPT=48785 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
> 
> The packets then get lost somehow. I can't trace back to where it is,
> but the packets never reach the webserver on 192.168.0.42:80
> With the webserver-logs I can confirm this.
> 
> My IPtables setup currently is very minimal due to the current
> testing-status (only one Masquerading and one DNAT rule).
> 
> All chains are set up to ACCEPT all packets, as long as I haven't found
> a solution to this problem.
> 
> We're using IPtables 1.2.6a with an unpatched Kernel 2.4.22.
> 
> Has anyone a suggestion how to solve this?
> 
Amendment: Kernel-Forwarding via /proc is enabled

Thomas


-- 
    __  _     Debian GNU/      _
   / / (_)_ __  _  ____  ___  | |
  / /  | | '_ \| | | \ \ / /  | |
 / /___| | | | | |_| |>   <   |_|
 \_______|_| |_|\__,_/_/\__\  (_)


