** Reply to message from Lisa <[EMAIL PROTECTED]> on Thu, 05 Dec 2002 16:14:16 +0000
> Hi,
>
> I don't seem to be able to get external incoming traffic destined for port 80
> through my firewall.
>
> I have an NT box with apache running on port 80 behind the firewall. I don't
> have httpd running on the firewall machine itself. Internal machines are able
> to connect through port 80, but external machines can't.
>
> The rules I am using are as follows:
> $IPTABLES -A PREROUTING -t nat -p tcp --dport 80 -j DNAT --to 192.x.x.x ( internal ip of nt box)
>
> $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
>
> $IPTABLES -t nat -A POSTROUTING -j SNAT --to $EXTIP ( external ip addr of firewall machine)
>
> I have also tried putting in -s 0/0 , but it still doesn't work.
>
> I did get it to work when I had apache listening on port 9000, but I don't want
> external & internal users to have to put the port number in.

Hey, Lisa. Do you have FORWARDing set up?

# Accept port 80 from external interface through to internal webserver
$IPTABLES -A FORWARD -p tcp -i eth0 -s 0/0 -d 192.x.x.x --dport 80 -j ACCEPT

# Accept port 80 replies from internal webserver (replies carry source port 80)
$IPTABLES -A FORWARD -p tcp -i eth1 -s 192.x.x.x --sport 80 -j ACCEPT

where eth0=external and eth1=internal. Needed if you have a default FORWARD policy of DROP.

jb

-- 
Jack Bowling
mailto: [EMAIL PROTECTED]
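
The following is an added example, not part of the original thread: a shell check that reads `iptables-save` text and reports DNAT port-forwards that a default-DROP FORWARD chain would silently discard, which is the situation described above. The function names and the address 192.168.1.10 are constructed for illustration.

```shell
# Added example: report DNAT targets with no FORWARD ACCEPT when FORWARD policy is DROP.
# Reads iptables-save text on stdin; only FORWARD rules with --dport are considered (assumption).
check_dnat_forward() {
  awk '
    /^\*/ { table = substr($1, 2) }
    table == "filter" && $1 == ":FORWARD" { policy = $2 }
    table == "nat" && /-j DNAT/ {
      dport = ""; to = ""
      for (i = 1; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-destination") to = $(i + 1)
      }
      n = split(to, p, ":")             # target may be ip or ip:port
      dnat[p[1] ":" (n > 1 ? p[2] : dport)] = 1
    }
    table == "filter" && $2 == "FORWARD" && /-j ACCEPT/ {
      d = ""; dp = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-d") { d = $(i + 1); sub(/\/32$/, "", d) }
        if ($i == "--dport") dp = $(i + 1)
      }
      if (dp != "") { if (d == "") anydst[dp] = 1; else allowed[d ":" dp] = 1 }
    }
    END {
      if (policy != "DROP") exit        # forwarding is not default-deny
      for (k in dnat) {
        split(k, q, ":")
        if (!(k in allowed) && !(q[2] in anydst))
          print "DNAT to " k " has no matching FORWARD ACCEPT"
      }
    }'
}
# Constructed sample: DNAT plus an INPUT rule only, as in the question.
sample_broken() {
  cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
# Same constructed ruleset with the FORWARD rule from the reply added.
sample_fixed() {
  sample_broken | sed 's|^-A INPUT.*|&\
-A FORWARD -d 192.168.1.10/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT|'
}
```

On a live firewall the input would come from `iptables-save | check_dnat_forward` run as root.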