RE: forwarding


Hi

I'm testing your configuration on my test machines and it works for me


                                                                      Firewall                     web server
172.40.x.x (yes, local network with public ip, aggg) ----- [172.40.42.200 - 192.168.150.1] ----- [192.168.150.2]



firewall:~# iptables -L -t nat -n -v
Chain PREROUTING (policy ACCEPT 259 packets, 35934 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   144 DNAT       tcp  --  *      *       0.0.0.0/0            172.40.43.200      tcp dpt:8080 to:192.168.150.2:80

Chain POSTROUTING (policy ACCEPT 39 packets, 2680 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 19 packets, 1499 bytes)
 pkts bytes target     prot opt in     out     source               destination
firewall:~#

firewall:~# iptables -L -n -v
Chain INPUT (policy DROP 15 packets, 1455 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2943  293K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22

Chain FORWARD (policy DROP 1 packets, 72 bytes)
 pkts bytes target     prot opt in     out     source               destination
 3963 3939K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    3   144 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.150.2      tcp dpt:80

Chain OUTPUT (policy ACCEPT 3794 packets, 283K bytes)
 pkts bytes target     prot opt in     out     source               destination
firewall:~#


balanceador:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.150.0   0.0.0.0         255.255.255.252 U     0      0        0 eth1
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.150.1   0.0.0.0         UG    0      0        0 eth1
balanceador:~#


firewall:~# tcpdump -n tcp src or dst port 80 or 8080
tcpdump: listening on eth0
20:01:06.945606 172.60.60.75.2286 > 172.40.43.200.8080: S 1752076561:1752076561(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)

20:01:06.946034 172.40.43.200.8080 > 172.60.60.75.2286: S 2920282127:2920282127(0) ack 1752076562 win 5840 <mss 1460,nop,nop,sackOK> (DF)

20:01:06.946273 172.60.60.75.2286 > 172.40.43.200.8080: . ack 1 win 17520 (DF)
20:01:17.851129 172.60.60.75.2286 > 172.40.43.200.8080: P 1:3(2) ack 1 win 17520 (DF)
20:01:17.851467 172.40.43.200.8080 > 172.60.60.75.2286: . ack 3 win 5840 (DF)

balanceador:~# tcpdump -i eth1 -n tcp src or dst port 80
tcpdump: listening on eth1
21:08:36.116571 172.60.60.75.2286 > 192.168.150.2.80: S 1752076561:1752076561(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)

21:08:36.116668 192.168.150.2.80 > 172.60.60.75.2286: S 2920282127:2920282127(0) ack 1752076562 win 5840 <mss 1460,nop,nop,sackOK> (DF)

21:08:36.117201 172.60.60.75.2286 > 192.168.150.2.80: . ack 1 win 17520 (DF)
21:08:47.022155 172.60.60.75.2286 > 192.168.150.2.80: P 1:3(2) ack 1 win 17520 (DF)
21:08:47.022211 192.168.150.2.80 > 172.60.60.75.2286: . ack 3 win 5840 (DF)

