problem reach the internal.
james.Q.L
shijialeeee@yahoo.ca
Fri, 29 Nov 2002 14:32:40 -0500 (EST)
Hi,
I have access to my firewall IP at port 8888, forwarded to port 80 at internal machine 192.168.0.3,
but the connection always fails. Can someone help me debug? Thanks.
[root@cozy166 public]#iptables -L --line-number -n
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6000 reject-with tcp-reset
Chain FORWARD (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT tcp -- 0.0.0.0/0 192.168.0.3 tcp dpt:80
4 LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain drop-and-log-it (0 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
[root@cozy166 public]#iptables -L --line-number -n -t nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.0.3:80
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:80 to:192.168.0.1
2 MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
The rules I added to try to make it work are:
iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 8888 \
-j DNAT --to-destination 192.168.0.3:80
iptables -A FORWARD -p tcp --dport 80 -d 192.168.0.3 -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.0/24 -d 192.168.0.3 --dport 80 -j SNAT \
--to-source 192.168.0.1
=====
/James.Q.L