Re: Access from inside proxy to server with apache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Javi Legido írta:

Hi.

I have the following schema:

[A]

[Pc] (80) => (80) [Router] (80) => (80) [Server]

[B]

[Pc] (80) => (80) [Proxy] ?? => (80) [Router] (80) => (80) [Server]

More data:

-The server has iptables and Apache
-The router has port 80 tcp redirected to the server

Troubleshooting:

-When I 'switch on' iptables, schema [B] fails (schema [A] always works fine)
-When I 'switch off' iptables, schema [B] works fine


...

Dec 17 12:32:24 servidor kernel: [1120947.846431] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=56
TOS=0x00 PREC=0x00 TTL=155 ID=31428 PROTO=ICMP TYPE=3 CODE=4
[SRC=192.168.1.2 DST=public_ip_1 LEN=1500 TOS=0x00 PREC=0x00 TTL=63
ID=16093 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 17 12:32:54 servidor kernel: [1120979.925513] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:32:57 servidor kernel: [1120983.069334] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:32:57 servidor kernel: [1120983.693341] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:33:03 servidor kernel: [1120989.596154] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:33:03 servidor kernel: [1120990.224560] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:33:15 servidor kernel: [1121001.913149] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:33:15 servidor kernel: [1121002.550066] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
WINDOW=5792 RES=0x00 ACK SYN URGP=0
Dec 17 12:33:45 servidor kernel: [1121033.566738] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31434 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=1
Dec 17 12:33:46 servidor kernel: [1121034.571848] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31435 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=2
Dec 17 12:33:47 servidor kernel: [1121035.592819] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31436 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=3
Dec 17 12:33:48 servidor kernel: [1121036.789595] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31437 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=4
Dec 17 12:33:49 servidor kernel: [1121037.817587] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31438 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=5
Dec 17 12:33:50 servidor kernel: [1121038.945584] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31439 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=6
Dec 17 12:33:51 servidor kernel: [1121039.974620] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31440 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=7
Dec 17 12:33:52 servidor kernel: [1121040.974610] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31441 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=8
Dec 17 12:33:53 servidor kernel: [1121041.978981] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31442 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=9
Dec 17 12:33:54 servidor kernel: [1121042.991844] INPUT_IN=eth0 OUT=
MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
TOS=0x00 PREC=0x00 TTL=128 ID=31443 PROTO=ICMP TYPE=0 CODE=0 ID=33569
SEQ=10

I do not see in this log any http (port 80 SPT=80 or DPT=80) activity....

Swifty

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux