On Wednesday 18 February 2004 2:31 pm, Martinez, Michael wrote:

> --> Please flush the counters on your rules using "iptables -Z;
> --> iptables -Z -t nat", connect to port 8080, and then tell us the output
> --> of "iptables -L -nvx;

I've eliminated most of the lines which have zero packet counts, as they mean no traffic was seen:

> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 131 10661 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0
> 0.0.0.0/0

131 packets in total, all from your user-defined chain...

> Chain RH-Firewall-1-INPUT (2 references)
> pkts bytes target prot opt in out source
> destination
> 36 1828 ACCEPT all -- lo * 0.0.0.0/0
> 0.0.0.0/0

36 packets on the loopback interface - any idea what this is?

> 82 5404 ACCEPT all -- * * 0.0.0.0/0
> 0.0.0.0/0 state RELATED,ESTABLISHED

82 packets ESTABLISHED or RELATED came in

> 1 48 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state NEW tcp dpt:22

One packet on port 22 (SSH)

> 0 0 ACCEPT tcp -- * * 0.0.0.0/0
> 0.0.0.0/0 state NEW tcp dpt:80

NO packets on port 80...

> 12 3381 REJECT all -- * * 0.0.0.0/0
> 0.0.0.0/0 reject-with icmp-host-prohibited

And 12 rejected packets - maybe LOGging these before rejecting them would be helpful in this case, just so we know what they are?

> --> iptables -L -t nat -nvx".
>
> Chain PREROUTING (policy ACCEPT 19 packets, 4845 bytes)
> pkts bytes target prot opt in out source
> destination
> 0 0 REDIRECT tcp -- * * 0.0.0.0/0
> 199.128.238.12 tcp dpt:80 redir ports 8080

And NO packets got redirected from 80 to 8080...

I still don't see how you are successfully getting a connection on port 8080 when there is no rule to allow it.

Regards,

Antony.

-- 
There are two possible outcomes:
If the result confirms the hypothesis, then you've made a measurement.
If the result is contrary to the hypothesis, then you've made a discovery.
- Enrico Fermi
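Added example, not part of the original message: a small Python parser that does the same counter triage on "iptables -L -nvx" output, listing the rules that saw traffic and the rules for a given port that saw none. The sample text is the counters quoted above with the wrapped lines rejoined; the function names are illustrative, and the parser assumes -x (exact counts) and that every rule has a target.

```python
import re
from dataclasses import dataclass

# Filter-table and nat-table output quoted in the message, wrapped lines rejoined.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
131 10661 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
36 1828 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
82 5404 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 48 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
12 3381 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain PREROUTING (policy ACCEPT 19 packets, 4845 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 0.0.0.0/0 199.128.238.12 tcp dpt:80 redir ports 8080
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")

@dataclass
class Rule:
    chain: str
    pkts: int
    nbytes: int
    target: str
    match: str  # everything after the destination column

def parse(text):
    """Turn 'iptables -L -nvx' output into Rule records."""
    rules, chain = [], None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        f = line.split()
        # Rule rows: pkts bytes target prot opt in out source destination [match...]
        if chain is None or len(f) < 9 or not (f[0].isdigit() and f[1].isdigit()):
            continue  # column header, blank line, or anything else
        rules.append(Rule(chain, int(f[0]), int(f[1]), f[2], " ".join(f[9:])))
    return rules

def hit(rules):
    """Rules whose counters moved since the last 'iptables -Z'."""
    return [r for r in rules if r.pkts > 0]

def matching(rules, token):
    """Rules whose match text contains token as a whole word, e.g. 'dpt:80'."""
    return [r for r in rules if token in r.match.split()]

if __name__ == "__main__":
    for r in hit(parse(SAMPLE)):
        print(f"{r.chain:22} {r.pkts:6} {r.target:20} {r.match}")
```

Matching on whole tokens keeps "dpt:80" from also matching "dpt:8080", which matters here because the question is precisely whether anything references port 8080.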