DNAT-PROBLEM

persaie persaie <persaie77@xxxxxxxxx> · Sun, 2 May 2004 03:20:04 -0700 (PDT)

MY NETWORK SETUP IS ......

192.168.1.0/24 -->>--
192.168.1.64-(eth1)-----router------(eth0)-192.168.5.55---((--192.168.5.0/24

----------------------

WHEN I TRY TO DO DNAT ? I AM UNABLES TO IT .......

http server is running properly at 192.168.5.50 , and
listening at port 80, and there are no 
firewall rules in machine 192.168.5.50, and policies
are ACCEPT.

			      ------------------------

IP-forwarding is enabled on ROUTER machine.           

RULES IN MY ROUTER ARE AS FOLLOWS ......

 # Generated by iptables-save v1.2.8 on Sun May  2
15:26:18 2004
*nat
:PREROUTING ACCEPT [1543:280620]
:POSTROUTING ACCEPT [116:27287]
:OUTPUT ACCEPT [19:1310]
-A PREROUTING -d 192.168.1.64 -i eth1 -p tcp -m tcp
--dport 80 -j LOG --log-prefix "http-req-at-prerout"
-A PREROUTING -d 192.168.1.64 -i eth1 -p tcp -m tcp
--dport 80 -j DNAT --to-destination 192.168.5.50
COMMIT
# Completed on Sun May  2 15:26:18 2004
# Generated by iptables-save v1.2.8 on Sun May  2
15:26:18 2004
*filter
:INPUT ACCEPT [12830:1222977]
:FORWARD ACCEPT [5058:1326927]
:OUTPUT ACCEPT [3815:292159]
-A FORWARD -d 192.168.5.50 -p tcp -m tcp --dport 80 -j
LOG --log-prefix "going to 5.50..:"
-A FORWARD -s 192.168.5.50 -p tcp -j LOG --log-prefix
"coming from 5.50..:"
COMMIT
# Completed on Sun May  2 15:26:18 2004               

             		------------------------------  

>From 192.168.1.252 if i try to access
http://192.168.1.64 then i get these messages in my
router ..                                        
MESSAGES IN /VAR/LOG/MESSAGES ARE AS FOLLOWS....

  May  2 15:25:02 fw kernel:
http-req-at-preroutIN=eth1 OUT=
MAC=00:05:5d:4b:6c:22:00:07:95:d2:0f:3f:08:00
SRC=192.168.1.252 DST=192.168.1.64 LEN=60 TOS=0x00
PREC=0x00 TTL=64 ID=37467 DF PROTO=TCP SPT=32935
DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  2 15:25:02 fw kernel: going to 5.50..:IN=eth1
OUT=eth0 SRC=192.168.1.252 DST=192.168.5.50 LEN=60
TOS=0x00 PREC=0x00 TTL=63 ID=37467 DF PROTO=TCP
SPT=32935 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  2 15:25:05 fw kernel: going to 5.50..:IN=eth1
OUT=eth0 SRC=192.168.1.252 DST=192.168.5.50 LEN=60
TOS=0x00 PREC=0x00 TTL=63 ID=37468 DF PROTO=TCP
SPT=32935 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  2 15:25:11 fw kernel: going to 5.50..:IN=eth1
OUT=eth0 SRC=192.168.1.252 DST=192.168.5.50 LEN=60
TOS=0x00 PREC=0x00 TTL=63 ID=37469 DF PROTO=TCP
SPT=32935 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  2 15:25:23 fw kernel: going to 5.50..:IN=eth1
OUT=eth0 SRC=192.168.1.252 DST=192.168.5.50 LEN=60
TOS=0x00 PREC=0x00 TTL=63 ID=37470 DF PROTO=TCP
SPT=32935 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  2 15:25:47 fw kernel: going to 5.50..:IN=eth1
OUT=eth0 SRC=192.168.1.252 DST=192.168.5.50 LEN=60
TOS=0x00 PREC=0x00 TTL=63 ID=37471 DF PROTO=TCP
SPT=32935 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
May  2 15:26:35 fw kernel: going to 5.50..:IN=eth1
OUT=eth0 SRC=192.168.1.252 DST=192.168.5.50 LEN=60
TOS=0x00 PREC=0x00 TTL=63 ID=37472 DF PROTO=TCP
SPT=32935 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

I am new to iptables , please help me solve this
problem.

Thanks in advance,
regards,
Rohit

__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 