On Tuesday 18 May 2004 7:21 pm, alucard@xxxxxxxxx wrote:

> I'm using a completely different address to try to access the server from
> the outside, to be more specific, I'm doing this at work and I'm using the
> computers in my house to do this test and nothing happens. If I telnet
> port 80 server2 directly from server1 I get this -to make sure it's
> working-:
>
> --------
> root@mail:~# telnet 192.168.0.2 80
> Trying 192.168.0.2...
> Connected to 192.168.0.2.
> Escape character is '^]'.
> ^]
> telnet>
> --------

A couple of suggestions:

1. Try a totally different port number (in the PREROUTING nat rule, and when
   you telnet to test things) to see if there's some problem with 8080. You
   know that port 80 can get to the firewall (because it's running its own
   web server), so try TCP port 88 perhaps instead of 8080.

2. Remove the PREROUTING nat rule, make sure any dropped packets on INPUT are
   getting LOGged, and then telnet from the outside to port 8080 again - and
   make sure you see them in the log output. This is just one way of making
   sure that the requests to port 8080 are making it as far as the netfilter
   machine so that it can nat them on to the real server.

Also, what does "iptables -L -nvx; iptables -L -t nat -nvx" tell you in the
packet / byte counters? Does it look like any packets are getting natted
and/or forwarded?

Regards,

Antony.

--
The first fifty percent of an engineering project takes ninety percent of the
time, and the remaining fifty percent takes another ninety percent of the
time.

Please reply to the list; please don't CC me.
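
The counter check suggested in the message above, as an added example that is not part of the original post: a script that reads saved "iptables -L -nvx; iptables -L -t nat -nvx" output and says whether the DNAT rule for a port ever matched and whether anything was forwarded. The sample listing, the function names and the verdict strings are constructed for illustration, and any non-zero FORWARD ACCEPT counter is assumed to mean the natted traffic was forwarded.

```shell
# Constructed sample of "iptables -L -nvx; iptables -L -t nat -nvx" output.
# Interface name, rules and counters are made up for illustration.
sample_output() {
cat <<'EOF'
Chain INPUT (policy DROP 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      12      720 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.0.2         tcp dpt:80
Chain PREROUTING (policy ACCEPT 340 packets, 20400 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 to:192.168.0.2:80
EOF
}

# Emit "CHAIN TARGET PKTS BYTES MATCH..." per rule. Relies on -x, which prints
# exact counters instead of rounded values such as 12K.
rule_counters() {
  awk '$1 == "Chain" { chain = $2; next }
       $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
         extra = ""
         for (i = 10; i <= NF; i++) extra = extra " " $i
         print chain, $3, $1, $2 extra
       }'
}

# Packet counter of the PREROUTING DNAT rule for destination port $1
# (prints nothing when there is no such rule).
dnat_pkts() {
  rule_counters | awk -v p="dpt:$1" '$1 == "PREROUTING" && $2 == "DNAT" {
    for (i = 5; i <= NF; i++) if ($i == p) { print $3; exit } }'
}

# Classify the counters for port $1; reads the iptables listing on stdin.
diagnose() {
  out=$(cat)
  pkts=$(printf '%s\n' "$out" | dnat_pkts "$1")
  fwd=$(printf '%s\n' "$out" | rule_counters |
        awk '$1 == "FORWARD" && $2 == "ACCEPT" { s += $3 } END { print s + 0 }')
  if [ -z "$pkts" ]; then echo "no-dnat-rule"
  elif [ "$pkts" -eq 0 ]; then echo "dnat-never-matched"   # check arrival with LOG on INPUT
  elif [ "$fwd" -eq 0 ]; then echo "natted-not-forwarded"  # check the FORWARD chain
  else echo "natted-and-forwarded"
  fi
}

sample_output | diagnose 8080
```

On a live firewall, pipe the real listing into diagnose in place of sample_output, once before and once after a test connection from outside, and compare the verdicts.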