Hi Thomas, Am Fre, 2003-10-10 um 10.52 schrieb Thomas Wallrafen: > I'm currently setting up an IPtables firewall using DNAT to access our > Webserver (192.168.0.42) and Masquerading to allow Internet access to > the clients. > > Packets to the firewall (137.226.171.XXX) on port 80 can pass the FORWARD-chain: > (already DNATed...) > Oct 10 11:47:24 wormhole kernel: IN=eth0 OUT=eth1 SRC=170.252.80.XXX > DST=192.168.0.42 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=39702 DF PROTO=TCP > SPT=48785 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 Are you sure the packets get lost? What happens when you run tcpdump on the internal interface of the firewall? Can you run tcpdump on the webserver? Does the webserver have a default gateway set pointing to the firewall? Can you post your rules? Does the internet access for the clients work? Cheers, Ralf -- Ralf Spenneberg RHCE, RHCX Book: Intrusion Detection für Linux Server http://www.spenneberg.com IPsec-Howto http://www.ipsec-howto.org Honeynet Project Mirror: http://honeynet.spenneberg.org
