Vserver networking: to make a forward only.
I want to make a well-closed machine running vservers - that is, I want to set up
forwarding such that any communication will be off the machine (for the
- but only affecting those in vserver.
Thus far I have on the real machine:
# filter table
-A FORWARD -p tcp -m tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp -d 192.168.1.1 --dport 80 -j ACCEPT
# nat table
-A POSTROUTING -o eth0 -j SNAT --to-source=192.168.0.2
-A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:80
My problem is: when I set the INPUT/OUTPUT policies to DROP, I cannot get a
web page from 192.168.1.1 when requesting from eth0. It works only when those
chains are set to ACCEPT. Why is that?! - IMHO all the forwarding should not
apply to the routing machine - that is, to INPUT and OUTPUT on the real machine. Or I
Please feel free to make any comments.
Thank you for your time.