Re: [squid-users] DNAT??

From: Antony Stone <Antony@dont-contact.us>
Date: Sun, 13 Jul 2003 18:31:43 +0100

On Sunday 13 July 2003 5:35 pm, Jorge Umaña wrote:

> This is off-topic

You're right, it is - there is a very good netfilter mailing list where this
question more properly belongs...

However...

> I have a web server on Windows inside my LAN, but my public IP address is
> on my Linux firewall, where the Squid proxy is; I need to send all the
> packets coming in on port 80 to my web server

If you have Squid on the Linux box, why are you trying to use packet
filtering / NAT to redirect requests to your web server? You seem to be
confusing two types of firewalling: packet filtering vs. application layer
proxying, and although you can do both on one machine, why try?

> I am using this chain but it does not work.
>
> iptables -t nat -A PREROUTING -p tcp -d $ipPUBLIC --dport 80 -j DNAT
> --to-destination $webServer

1. Do you have an appropriate FORWARD rule to allow the packets through the
machine as well?

2. Do you have /proc/sys/net/ipv4/ip_forward = 1 so the box will forward
packets at all?

3. Does Squid listen on port 80 (transparent mode) or 3128 (standard proxying
mode)? If transparent, it may be interfering with the packets through the
Linux machine.

4. If you use the command "iptables -L -t nat -n -v -x", do you see non-zero
values for the packet and byte counters on the above rule? (i.e. are any
packets matching the rule and being NATted, but then blocked somewhere else?)

5. Does your ISP block incoming TCP port 80 traffic, to stop people running
web servers on home connections?

Just a few thoughts.

If these don't solve it, I recommend netfilter@lists.netfilter.org

Regards,

Antony.

-- 
Wanted: telepath.   You know where to apply.
Received on Sun Jul 13 2003 - 11:31:51 MDT
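Checklist items 1, 2 and 4 above, written out as a small dry-run script; this is an added example, not code from the thread. It keeps the poster's variable names ($ipPUBLIC, $webServer), while the sample addresses, the external interface name WAN_IF and the ip_forward path are constructed assumptions; items 3 and 5 (Squid's listening port, ISP filtering) still have to be checked by hand.

```shell
#!/bin/sh
# Added example: the rules a port-80 DNAT needs besides the PREROUTING line,
# plus the forwarding sysctl and counter check. Without RUN=1 nothing is
# applied; the commands are only printed for review.

ipPUBLIC="${ipPUBLIC:-203.0.113.10}"    # constructed sample public address
webServer="${webServer:-192.168.1.20}"  # constructed sample LAN web server
WAN_IF="${WAN_IF:-eth0}"                # assumed name of the external interface

# Print the command, or execute it when RUN=1.
run() { if [ "${RUN:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Item 2: the box must forward at all. The path is a parameter so the
# check can be exercised against any file, not only /proc.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Item 1: DNAT alone is not enough. After the destination is rewritten the
# packet still traverses FORWARD, so both directions must be accepted there
# (the -i/-o interface matches are an addition to the poster's rule).
dnat_rules() {
    run iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp -d "$ipPUBLIC" \
        --dport 80 -j DNAT --to-destination "$webServer"
    run iptables -A FORWARD -i "$WAN_IF" -p tcp -d "$webServer" --dport 80 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -o "$WAN_IF" -p tcp -s "$webServer" --sport 80 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Item 4: non-zero pkts/bytes on the DNAT line mean the rewrite happens and
# any remaining failure is further along the path (FORWARD, the server, ISP).
show_counters() {
    run iptables -t nat -L PREROUTING -n -v -x
}

dnat_rules
show_counters
if ! ip_forward_enabled; then
    echo "ip_forward is 0: nothing will be forwarded (sysctl -w net.ipv4.ip_forward=1)" >&2
fi
```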
