
Re: Help, Simple forward doesn't work!




S. C. wrote:

> My machine eth0 is 192.168.8.50
> 
> modprobe iptable_nat
> echo "1">/proc/sys/net/ipv4/ip_forward
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.8.55:80
> 

I'm a bit confused. At first I assumed that you were hosting a web
server on your LAN, and wanted to allow public access from the internet.
But looking at it now it seems you are redirecting local traffic to
another local machine -- all on the 192.168.8.0/24 network. If that's
the case, why redirect? Just have local users go directly to the web
server. If you try to redirect, you're going to have issues because
everything is on the same LAN.

Check it out. Your client browser wants to go to the web server. It
initially goes to the firewall and the packet is redirected to the web
server. The web server sees the origin IP address of the client. It is
on the same network as the web server. No need to go through the
firewall/gateway, the web server just sends a packet back to the client
directly. But... the client is expecting the packets to come from the
firewall/gateway, so it drops the packets from the web server because it
can't match it up to any known stream.

You could try to NAT it, but I don't see why you don't just have local
clients connect directly. Or you could run Apache on the firewall and do
an HTTP redirect...

--

/phil

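The same-LAN exchange described in the reply above, as an added example that is not part of the original message: a small Python simulation of one request and its reply, with DNAT only and then with source NAT added on the firewall. The client address 192.168.8.60 and port 40000 are constructed, and reading "NAT it" as an SNAT rule in POSTROUTING is an assumption.

```python
from dataclasses import dataclass, replace

CLIENT = "192.168.8.60"    # constructed: a client on the same /24
FIREWALL = "192.168.8.50"  # eth0 address from the original post
WEB = "192.168.8.55"       # DNAT target from the original post

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def reply_to(p):
    """Swap endpoints: the packet a host sends back in answer to p."""
    return Packet(p.dst, p.dport, p.src, p.sport)

def simulate(snat):
    """Return (client_accepts_reply, trace) for one request/reply."""
    request = Packet(CLIENT, 40000, FIREWALL, 80)
    expected = reply_to(request)  # only this 4-tuple matches the client's socket
    trace = [("client->firewall", request)]
    # PREROUTING DNAT from the post: destination becomes the web server.
    fwd = replace(request, dst=WEB)
    if snat:
        # Assumed fix, e.g.: iptables -t nat -A POSTROUTING -d 192.168.8.55
        #   -p tcp --dport 80 -j SNAT --to-source 192.168.8.50
        fwd = replace(fwd, src=FIREWALL)
    trace.append(("firewall->web", fwd))
    # Connection tracking: how to undo the rewrite if the reply comes back here.
    conntrack = {reply_to(fwd): expected}
    reply = reply_to(fwd)  # the web server answers the source it saw
    if reply.dst == FIREWALL:
        trace.append(("web->firewall", reply))
        reply = conntrack[reply]  # firewall reverses both rewrites
        trace.append(("firewall->client", reply))
    else:
        # Same subnet: delivered directly, the firewall never sees it.
        trace.append(("web->client (direct)", reply))
    return reply == expected, trace

if __name__ == "__main__":
    for snat in (False, True):
        ok, trace = simulate(snat)
        print("SNAT" if snat else "DNAT only", "-> client accepts reply:", ok)
        for hop, pkt in trace:
            print(f"  {hop:22} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

With DNAT only, the reply reaches the client with source 192.168.8.55, which matches no connection the client opened; with source NAT the reply returns through the firewall and is translated back to 192.168.8.50:80.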


