Re: Access from inside proxy to server with apache

Once again:

I have this schema:

[B]

[Pc] (80) => (80) [Proxy] ¿? => (80) [Router] (80) => (80) [Server]
No matter         proxy_out_ip       192.168.1.1           192.168.1.2

The router 'nats' port 80, 22, ... from outside to Server.

I can't access from Pc to Server (trying to display an http page from
the Apache server). I can access:

-From other pc not inside a proxy
-Via ssh from Pc to Server

If I 'shut down' iptables, I can access from Pc to Server

The /var/log/messages log:

Dec 22 14:30:55 servidor kernel: [117607.138711] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3450 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36562 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:30:55 servidor kernel: [117607.138753] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3451 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36562 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:30:55 servidor kernel: [117607.427453] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3452 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36564 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:30:56 servidor kernel: [117607.971455] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3453 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36565 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:30:57 servidor kernel: [117609.059455] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3454 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36566 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:30:59 servidor kernel: [117611.330798] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3455 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36567 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:31:03 servidor kernel: [117615.983963] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3456 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36568 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:31:12 servidor kernel: [117624.939056] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3457 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36569 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:31:29 servidor kernel: [117643.902748] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3458 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36570 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:32:04 servidor kernel: [117684.519431] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3462 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=36571 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:33:54 servidor kernel: [117808.239771] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3470 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30858 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:33:54 servidor kernel: [117808.239812] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3471 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30858 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:33:55 servidor kernel: [117808.511961] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3472 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30860 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:33:55 servidor kernel: [117809.276341] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3473 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30861 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:33:56 servidor kernel: [117810.537497] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3474 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30862 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:33:59 servidor kernel: [117813.014252] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3475 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30863 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:34:03 servidor kernel: [117818.310717] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3476 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30864 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:34:12 servidor kernel: [117828.414218] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3477 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30865 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:34:29 servidor kernel: [117848.339947] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3478 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30866 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
Dec 22 14:35:04 servidor kernel: [117890.700795] INPUT_IN=eth0 OUT=
MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3480 PROTO=ICMP
TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00
PREC=0x00 TTL=63 ID=30867 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492

The iptables -S config:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s proxy_out_ip/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s proxy_out_ip/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 4080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 23 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT_"
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --dport 9999 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 6882 -j ACCEPT
-A FORWARD -p udp -m udp --dport 5865 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 5865 -j ACCEPT
-A FORWARD -p udp -m udp --dport 8443 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8443 -j ACCEPT
-A FORWARD -p udp -m udp --dport 4666 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 4662 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j LOG --log-prefix "FORWARD"
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -j ACCEPT

Can someone tell me how to 'open' iptables to get access from Pc (port
80) to Server (port 80)?

Thanks


On 18/12/2008, Javi Legido <javi@xxxxxxxxxx> wrote:
>>>you say traffic on port 80 is redirected. how?
>
> [A]
>
> [Pc] (80) => (80) [Router] (80) => (80) [Server]
>
> The router does NAT. I repeat: if I quit iptables, all works fine,
> so I assume router NAT works
>
>>> also if the destination address is changed by nat, the packets get routed
>>> over the other
>>> interface.
>>> that is why you need to allow the traffic in the FORWARD chain.
>>> i do not see any of those in your rules above.
>
> I added (without success) the following rule:
>
> -A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
>
> ------------------------------------------
>
> The trouble continues: from inside a proxy, I can't access the
> Apache server (I can access, for instance, via ssh). If I quit
> iptables, all works fine
>
> Thanks for your interest.
>
> Javier
>
>
>
> On 17/12/2008, Mart Frauenlob <mart.frauenlob@xxxxxxxxx> wrote:
>> Javi Legido wrote:
>>> Hi.
>>>
>>> I have the following schema:
>>>
>>> [A]
>>>
>>> [Pc] (80) => (80) [Router] (80) => (80) [Server]
>>>
>>> [B]
>>>
>>> [Pc] (80) => (80) [Proxy] ¿? => (80) [Router] (80) => (80) [Server]
>>>
>>> More data:
>>>
>>> -The server has iptables and Apache
>>> -The router has port 80 tcp redirected to the server
>>>
>>> Troubleshooting:
>>>
>>> -When I 'switch on' iptables, schema [B] fails (schema [A] always works
>>> fine)
>>> -When I 'switch off' iptables, schema [B] works fine
>>>
>>> The output:
>>>
>>> ************************ iptables -S ***************************
>>>
>>> -P INPUT ACCEPT
>>> -P FORWARD ACCEPT
>>> -P OUTPUT ACCEPT
>>> -A INPUT -s public_ip_1/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
>>> -A INPUT -s public_ip_1/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
>>> -A INPUT -s 192.168.1.31/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
>>> -A INPUT -s 192.168.1.30/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
>>> -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
>>> -A INPUT -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
>>> -A INPUT -i eth0 -p tcp -m tcp --dport 4080 -j ACCEPT
>>> -A INPUT -i eth0 -p udp -m udp --dport 4080 -j ACCEPT
>>> -A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
>>> -A INPUT -i eth0 -p udp -m udp --dport 21 -j ACCEPT
>>> -A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
>>> -A INPUT -i eth0 -p tcp -m tcp --sport 23 -j ACCEPT
>>> -A INPUT -i lo -j ACCEPT
>>> -A INPUT -j LOG --log-prefix "INPUT_"
>>> -A INPUT -j REJECT --reject-with icmp-port-unreachable
>>> -A FORWARD -p tcp -m tcp --dport 9999 -j ACCEPT
>>> -A FORWARD -p tcp -m tcp --dport 6882 -j ACCEPT
>>> -A FORWARD -p udp -m udp --dport 5865 -j ACCEPT
>>> -A FORWARD -p tcp -m tcp --dport 5865 -j ACCEPT
>>> -A FORWARD -p udp -m udp --dport 8443 -j ACCEPT
>>> -A FORWARD -p tcp -m tcp --dport 8443 -j ACCEPT
>>> -A FORWARD -p udp -m udp --dport 4666 -j ACCEPT
>>> -A FORWARD -p tcp -m tcp --dport 4662 -j ACCEPT
>>> -A FORWARD -j LOG --log-prefix "FORWARD"
>>> -A FORWARD -j REJECT --reject-with icmp-port-unreachable
>>> -A OUTPUT -o lo -j ACCEPT
>>>
>>> ******************** /var/log/messages ****************************
>>>
>>> Dec 17 12:32:24 servidor kernel: [1120947.846431] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=56
>>> TOS=0x00 PREC=0x00 TTL=155 ID=31428 PROTO=ICMP TYPE=3 CODE=4
>>> [SRC=192.168.1.2 DST=public_ip_1 LEN=1500 TOS=0x00 PREC=0x00 TTL=63
>>> ID=16093 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492
>>> Dec 17 12:32:54 servidor kernel: [1120979.925513] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
>>> WINDOW=5792 RES=0x00 ACK SYN URGP=0
>>> Dec 17 12:32:57 servidor kernel: [1120983.069334] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
>>> WINDOW=5792 RES=0x00 ACK SYN URGP=0
>>> Dec 17 12:32:57 servidor kernel: [1120983.693341] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
>>> WINDOW=5792 RES=0x00 ACK SYN URGP=0
>>> Dec 17 12:33:03 servidor kernel: [1120989.596154] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
>>> WINDOW=5792 RES=0x00 ACK SYN URGP=0
>>> Dec 17 12:33:03 servidor kernel: [1120990.224560] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
>>> WINDOW=5792 RES=0x00 ACK SYN URGP=0
>>> Dec 17 12:33:15 servidor kernel: [1121001.913149] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
>>> WINDOW=5792 RES=0x00 ACK SYN URGP=0
>>> Dec 17 12:33:15 servidor kernel: [1121002.550066] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=public_ip_2 DST=192.168.1.2 LEN=60
>>> TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=4242 DPT=56202
>>> WINDOW=5792 RES=0x00 ACK SYN URGP=0
>>> Dec 17 12:33:45 servidor kernel: [1121033.566738] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31434 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=1
>>> Dec 17 12:33:46 servidor kernel: [1121034.571848] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31435 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=2
>>> Dec 17 12:33:47 servidor kernel: [1121035.592819] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31436 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=3
>>> Dec 17 12:33:48 servidor kernel: [1121036.789595] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31437 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=4
>>> Dec 17 12:33:49 servidor kernel: [1121037.817587] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31438 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=5
>>> Dec 17 12:33:50 servidor kernel: [1121038.945584] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31439 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=6
>>> Dec 17 12:33:51 servidor kernel: [1121039.974620] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31440 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=7
>>> Dec 17 12:33:52 servidor kernel: [1121040.974610] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31441 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=8
>>> Dec 17 12:33:53 servidor kernel: [1121041.978981] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31442 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=9
>>> Dec 17 12:33:54 servidor kernel: [1121042.991844] INPUT_IN=eth0 OUT=
>>> MAC=mac_server:mac_client:08:00 SRC=192.168.1.1 DST=192.168.1.2 LEN=84
>>> TOS=0x00 PREC=0x00 TTL=128 ID=31443 PROTO=ICMP TYPE=0 CODE=0 ID=33569
>>> SEQ=10
>>>
>>> **************************************** end
>>> *******************************************+
>>>
>>> Notice there are 2 different IPs: public_ip_2 and public_ip_1. Maybe
>>> there is the key...
>>>
>>> Can anybody help me to make iptables let the traffic pass to the schema
>>> [B]?
>>>
>>> PS: I tested two similar schemas [B]: two machines from inside a
>>> proxy, and the two machines failed to connect to server.
>>>
>>> Thanks in advance.
>>>
>>> Javier
>>> --
>>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>>
>>>
>> hello,
>>
>> you say traffic on port 80 is redirected. how?
>> i do not see any DNAT rules.
>> also if the destination address is changed by nat, the packets get
>> routed over the other interface.
>> that is why you need to allow the traffic in the FORWARD chain.
>> i do not see any of those in your rules above.
>> if i understand it correctly and you have two external interfaces on the
>> router, there are no rules either.
>> and with two external interfaces your routing could come into account.
>> but you did not provide any
>> information about that.
>>
>> greets
>>
>> mart
>>
>>
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
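
How the posted INPUT chain treats the logged packets, as an added example that is not part of the original thread: it parses one of the log entries above, walks the chain as posted, and shows that the ICMP type 3 code 4 ("fragmentation needed") reply to a 1500-byte DF packet falls through to LOG and REJECT. `PMTU_RULE`, the function names and the simplified rule matcher (only the options that occur in this ruleset) are assumptions of the example.

```python
import re
import shlex

# INPUT chain exactly as posted in the message's `iptables -S` output.
INPUT_RULES = """\
-A INPUT -s proxy_out_ip/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s proxy_out_ip/32 -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 4080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 23 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT_"
-A INPUT -j REJECT --reject-with icmp-port-unreachable
"""
# Candidate rule: an assumption of this example, not proposed in the thread.
PMTU_RULE = "-A INPUT -p icmp -m icmp --icmp-type 3/4 -j ACCEPT\n"
# First log entry from the message, joined onto one line.
LOG_LINE = ("Dec 22 14:30:55 servidor kernel: [117607.138711] INPUT_IN=eth0 OUT= "
            "MAC=192_168_1_2_MAC:00:01:38:da:5c:e9:08:00 SRC=192.168.1.1 "
            "DST=192.168.1.2 LEN=56 TOS=0x00 PREC=0x00 TTL=155 ID=3450 PROTO=ICMP "
            "TYPE=3 CODE=4 [SRC=192.168.1.2 DST=proxy_out_ip LEN=1500 TOS=0x00 "
            "PREC=0x00 TTL=63 ID=36562 DF PROTO=TCP INCOMPLETE [8 bytes] ] MTU=1492")

def parse_log(line):
    """Parse a netfilter LOG line: outer header plus the quoted packet, if any."""
    outer, _, inner = line.partition(" [SRC=")
    f = dict(re.findall(r"([A-Z]+)=(\S*)", outer))
    q = dict(re.findall(r"([A-Z]+)=(\S*)", inner))
    return {"in": f["IN"], "src": f["SRC"], "proto": f["PROTO"].lower(),
            "dpt": f.get("DPT"), "spt": f.get("SPT"), "df": " DF " in inner,
            "icmp": f"{f.get('TYPE')}/{f.get('CODE')}",
            "qlen": int(q.get("LEN", 0)), "mtu": int(q.get("MTU", 0))}

def verdict(pkt, rules):
    """Walk the chain top-down. LOG never terminates; each option takes one argument."""
    for rule in rules.strip().splitlines():
        tok = shlex.split(rule)
        opts = dict(zip(tok[2::2], tok[3::2]))
        want = {"-s": pkt["src"] + "/32", "-i": pkt["in"], "-p": pkt["proto"],
                "--dport": pkt.get("dpt"), "--sport": pkt.get("spt"),
                "--icmp-type": pkt.get("icmp")}
        if opts["-j"] != "LOG" and all(opts[k] == want[k] for k in want if k in opts):
            return opts["-j"]
    return "ACCEPT"  # chain policy from `-P INPUT ACCEPT`

def pmtud_blocked(line, rules):
    """True when a 'fragmentation needed' ICMP (type 3 code 4) is not accepted."""
    p = parse_log(line)
    return (p["icmp"] == "3/4" and p["df"] and p["qlen"] > p["mtu"]
            and verdict(p, rules) != "ACCEPT")
```

A new connection to port 80 is accepted by the third rule, which is why the handshake succeeds while full-size responses that need a smaller MTU never get their path-MTU feedback delivered.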
