Hi Jack, yep I have IP forwarding enabled. I tried the rules you sent, but I'm still having the same problem. I'm stumped by it as I've had no problem routing traffic to other ports on the same machine or on other machines. I'll keep playing around with it anyway.
Thanks for the reply

----- Original Message -----
From: "Jack Bowling" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 05, 2002 4:27 PM
Subject: Re: port 80 problem

> ** Reply to message from Lisa <[EMAIL PROTECTED]> on Thu, 05 Dec 2002
> 16:14:16 +0000
>
> > Hi,
> >
> > I don't seem to be able to get external incoming traffic destined for port 80 through my firewall.
> >
> > I have an NT box with apache running on port 80 behind the firewall. I don't
> > have httpd running on the firewall machine itself. Internal machines are able
> > to connect through port 80, but external machines can't.
> >
> > The rules I am using are as follows:
> > $IPTABLES -A PREROUTING -t nat -p tcp --dport 80 -j DNAT --to 192.x.x.x ( internal ip of nt box)
> >
> > $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
> >
> > $IPTABLES -t nat -A POSTROUTING -j SNAT --to $EXTIP ( external ip addr of firewall machine)
> >
> > I have also tried putting in -s 0/0 , but it still doesn't work.
> >
> > I did get it to work when I had apache listening on port 9000, but I don't want
> > external & internal users to have to put the port number in.
>
> Hey, Lisa. Do you have FORWARDing set up?
>
> #Accept port 80 from external interface through to internal webserver
> $IPTABLES -A FORWARD -p tcp -i eth0 -s 0/0 -d 192.x.x.x --dport 80 -j ACCEPT
>
> # Accept port 80 from internal webserver
> $IPTABLES -A FORWARD -p tcp -i eth1 -s 192.x.x.x --dport 80 -j ACCEPT
>
> where eth0=external and eth1=internal. Needed if you have a default FORWARD
> policy of DROP.
>
> jb
>
> --
> Jack Bowling
> mailto: [EMAIL PROTECTED]
>
> --
> redhat-list mailing list
> unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
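For reference, a scoped version of the port-80 forward discussed in this thread, as an added example that is not from either poster. It assumes eth0 is external and eth1 internal (as in Jack's reply), uses constructed placeholder addresses, and only prints the rules unless IPTABLES is set to the real binary. Reply packets from the web server carry source port 80, so the return rule here matches on --sport and connection state.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-run by default: prints each rule.
# Apply for real (as root) with:  IPTABLES=iptables sh thisfile.sh
IPTABLES="${IPTABLES:-echo iptables}"

# Assumptions: constructed placeholder values, not taken from the thread.
EXT_IF="${EXT_IF:-eth0}"          # external interface
INT_IF="${INT_IF:-eth1}"          # internal interface
EXT_IP="${EXT_IP:-203.0.113.5}"   # firewall's external address
WEB_IP="${WEB_IP:-192.168.1.10}"  # internal web server

forward_http() {
    # 1. Rewrite the destination of port-80 traffic arriving on the external
    #    interface only. After DNAT the packet is routed to another host,
    #    so it traverses FORWARD; an INPUT rule never sees it.
    $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -p tcp -d "$EXT_IP" \
        --dport 80 -j DNAT --to-destination "$WEB_IP:80"

    # 2. Allow the rewritten packets through towards the web server.
    $IPTABLES -A FORWARD -i "$EXT_IF" -o "$INT_IF" -p tcp -d "$WEB_IP" \
        --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

    # 3. Allow the replies back out. Replies have SOURCE port 80, and only
    #    packets of an already-tracked connection are accepted.
    $IPTABLES -A FORWARD -i "$INT_IF" -o "$EXT_IF" -p tcp -s "$WEB_IP" \
        --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # 4. SNAT only what leaves via the external interface, so forwarded
    #    inbound requests keep the real client address in the server logs.
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$EXT_IP"
}

forward_http

# To see which rules packets actually hit, watch the per-rule counters:
#   iptables -t nat -L PREROUTING -n -v
#   iptables -L FORWARD -n -v
```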