I think it could be that the ISP (if you're connecting to one ISP through ppp0) has a filter for port 80 (it seems strange).
Are you mangling some packets? What is the output for iptables -t mangle -L?

----- Original Message -----
From: "Patrick Leslie Polzer" <leslie.polzer@xxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Saturday, May 29, 2004 12:25 PM
Subject: DNAT problem

>
> Hello again,
>
> a DNAT problem is coming up.
> My firewall setup (simplified for testing) is currently as follows:
>
>
> ### <snip> ###
>
> ##### FILTER table #####
> # policies
> $ipt -P FORWARD ACCEPT
> $ipt -P INPUT ACCEPT
> $ipt -P OUTPUT ACCEPT
>
> $ipt -F
> $ipt -F FORWARD
> $ipt -F INPUT
> $ipt -F OUTPUT
>
>
> ##### NAT table #####
> # flush chains
> $ipt -t nat -F PREROUTING
> $ipt -t nat -F POSTROUTING
> $ipt -t nat -F OUTPUT
>
> # masquerading on ppp0 and vortex
> $ipt -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> $ipt -t nat -A POSTROUTING -o vortex -j MASQUERADE
>
> # dnat
> $ipt -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.35.191:80
>
> ### </snip> ###
>
>
> The last line is working with
>
> --dport 8080
>
> but isn't with
>
> --dport 80
>
> What's going on there?
>
>
> Kind regards,
>
> Leslie
>
>
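One way to test the upstream-filter idea from the reply, added here as an example and not part of the original thread: read the per-rule counters from `iptables-save -c -t nat` and see whether the port 80 DNAT rule is ever matched. The function names and the sample counter values are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -c -t nat` output for the rule set in
# the quoted mail, with one extra test rule for port 8080 (counters invented).
SAMPLE='*nat
:PREROUTING ACCEPT [12:720]
:POSTROUTING ACCEPT [3:180]
:OUTPUT ACCEPT [3:180]
[0:0] -A PREROUTING -i ppp0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.35.191:80
[5:300] -A PREROUTING -i ppp0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.35.191:80
[9:540] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT'

# dnat_hits PORT: reads iptables-save -c output on stdin and prints the summed
# packet counter of PREROUTING DNAT rules with --dport PORT, or "none".
# nat rules only see the first packet of a connection, so this counts
# connection attempts since the rules were loaded.
dnat_hits() {
    awk -v port="$1" '
        / -A PREROUTING / && / -j DNAT / {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) {
                    split(substr($1, 2), c, ":")   # "[pkts:bytes]" -> pkts
                    hits += c[1]; found = 1
                }
        }
        END { if (found) print hits + 0; else print "none" }
    '
}

# diagnose PORT: classifies the counter read from stdin.
#   no-rule      - no DNAT rule for that port
#   not-arriving - rule exists but never matched: the SYNs are not reaching
#                  PREROUTING on that interface (consistent with filtering
#                  upstream, or a wrong -i interface)
#   arriving     - rule matched: look at FORWARD, the return path and the
#                  service on the --to-destination host instead
diagnose() {
    n=$(dnat_hits "$1")
    case "$n" in
        none) echo "no-rule" ;;
        0)    echo "not-arriving" ;;
        *)    echo "arriving" ;;
    esac
}

# On the firewall itself (as root), after an outside connection attempt:
#   iptables-save -c -t nat | diagnose 80
```

Running `tcpdump -n -i ppp0 tcp port 80` during the same attempt gives a second, independent view of whether the SYN arrives at all.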