Try changing the second line to something like:

    $IPTABLES -A FORWARD -p tcp --dport 80 -m state --state NEW -d 192.xxx.xxx.xxx -j ACCEPT

And pitch that third line...it's not necessary.

On Thu, 5 Dec 2002, Lisa wrote:

> Hi,
>
> I don't seem to be able to get external incoming traffic destined for port 80 through my firewall.
>
> I have an NT box with apache running on port 80 behind the firewall. I don't have httpd running on the firewall machine itself. Internal machines are able to connect through port 80, but external machines can't.
>
> The rules I am using are as follows:
>
> $IPTABLES -A PREROUTING -t nat -p tcp --dport 80 -j DNAT --to 192.x.x.x (internal ip of nt box)
>
> $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
>
> $IPTABLES -t nat -A POSTROUTING -j SNAT --to $EXTIP (external ip addr of firewall machine)
>
> I have also tried putting in -s 0/0, but it still doesn't work.
>
> I did get it to work when I had apache listening on port 9000, but I don't want external & internal users to have to put the port number in.
>
> regards
>
> Lisa

-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000
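
Added example, not part of the original thread: a small sh/awk check illustrating the point of the reply above, that packets rewritten by DNAT in PREROUTING are routed through the FORWARD chain, so an INPUT ACCEPT for the same port never sees them. The function name check_dnat_forward, the two sample rule sets and the address 192.168.1.10 are constructed for illustration.

```sh
#!/bin/sh
# Added example; not code from the thread.
# Reads iptables commands on stdin and reports every port that is DNAT'd in
# PREROUTING but has no ACCEPT rule in FORWARD, the chain forwarded packets cross.
check_dnat_forward() {
    awk '
    {
        chain = ""; target = ""; dport = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A")      chain  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
        }
        if (dport == "") next
        if (chain == "PREROUTING" && target == "DNAT")   dnat[dport] = 1
        if (chain == "FORWARD"    && target == "ACCEPT") fwd[dport]  = 1
        if (chain == "INPUT"      && target == "ACCEPT") inp[dport]  = 1
    }
    END {
        for (p in dnat) {
            if (p in fwd) continue
            msg = "port " p ": DNAT without FORWARD ACCEPT"
            if (p in inp) msg = msg " (INPUT rule does not match forwarded packets)"
            print msg
        }
    }'
}

# Constructed sample: the rules as posted, with a placeholder internal address.
original_rules() {
    cat <<'EOF'
$IPTABLES -A PREROUTING -t nat -p tcp --dport 80 -j DNAT --to 192.168.1.10
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
EOF
}

# Constructed sample: the same rules with the second line changed as suggested.
corrected_rules() {
    cat <<'EOF'
$IPTABLES -A PREROUTING -t nat -p tcp --dport 80 -j DNAT --to 192.168.1.10
$IPTABLES -A FORWARD -p tcp --dport 80 -m state --state NEW -d 192.168.1.10 -j ACCEPT
EOF
}

echo "original:";  original_rules  | check_dnat_forward
echo "corrected:"; corrected_rules | check_dnat_forward
```

The check is textual only and does not query a live ruleset. A rule matching --state NEW admits only the first packet of a connection, so a ruleset with a DROP policy on FORWARD also needs a rule accepting ESTABLISHED,RELATED traffic.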