
Re: nat help!



In one of your posts you mentioned that the web server is not directly connected to the internet.  That caused me to think about its routing configuration...  Does this server (10.30.143.1) have a route to get back to the NAT box (10.30.142.12)?  If not, then your packets may be getting NATed to the web server, but the response may not be coming back.  For starters, try accessing 'http://10.30.143.1' from 10.30.142.12.  If that works, then it isn't a routing problem.  If that doesn't work, then no amount of tweaking of your iptables rules will help.

Another possible problem that you may be having is due to how you're accessing the NATed service.  Are you trying to access it from a third computer on the other side of the NAT box, or from that box itself?  I know it can be tricky to get a packet originating from the NAT server itself to be properly processed by the iptables rules.  You should be running your test connection to 'http://10.30.142.12' from a client machine on the 10.30.142.x subnet, not from 10.30.143.x or from the router itself.

    dave p.

itachi@cnt.uo.edu.cu wrote:
done

ruter-deb:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination


SNAT       tcp  --  10.30.142.12         anywhere            tcp dpt:www to:10.30.143.1

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


but when I do http://10.30.142.12 from my computer

nothing happens
:(
  
You're not listing out the correct iptables rules to see your nat rule.
Try this:
    iptables -t nat -L


itachi@cnt.uo.edu.cu wrote:
    
but

      
itachi@cnt.uo.edu.cu wrote:

        
hello list
I'm trying to NAT some addresses here but nothing happens
check this rule
what is wrong in there?

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

## Start filtering
## Note: eth0 is the interface connected to the router and eth1 to the LAN
# Localhost is allowed (for example local connections to mysql)
/sbin/iptables -A INPUT -i lo -j ACCEPT

iptables -t nat -A PREROUTING --dst 10.30.142.12 -p tcp --dport 80 -j DNAT --to-destination 10.30.143.1

echo 1 > /proc/sys/net/ipv4/ip_forward


          
HI

You forgot the FORWARD

i.e. iptables -t filter -A FORWARD --dst 10.30.142.12 -p tcp --dport 80 -j ACCEPT

        
now my table is showing this

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       icmp -- !10.30.142.3          0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            10.30.142.12        tcp dpt:80

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

what about 10.30.143.1?

I think 10.30.143.1 is where I have the webserver running
but I want to open the webserver on 10.30.142.12





      
HTH

Kind Regards
Brent Clark


--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org



        
-------------------------------------------------
                           Luis A. Rondon Paz
    L I N U X       .~.    Admin intranet CNT
   The  Choice      /V\    icq #132736035
    of a GNU       /( )\   itachi@cnt.uo.edu.cu
   Generation      ^^-^^    Santiago de cuba
                   UONET







           ###########
         ###############
       ####           ####
-   ,$$P'               ###
- ',$$P       ,-***      ###
- `d$$'     ,##    *     ###
-  $$P      ##     *     ###
-  $$:      ##   -      ###
-  $$;      ###       ###
-  Y$$.    `   #######
-  `$$b      "-.__
-   `Y$$b
-    `Y$$.
-      `$$b.
-        `Y$$b.
-          `"Y$b._
-------------------------------------------------
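
Added example, not part of the original thread or written by any of its participants: a shell check that reads iptables-save output and reports whether the port forward discussed above (10.30.142.12:80 to 10.30.143.1) has its DNAT rule in PREROUTING, a FORWARD path for the rewritten packet, and an OUTPUT rule for tests run on the NAT box itself. The function name check_dnat and both sample rule sets are constructed for illustration; it does not check the web server's return route, which has to be tested from the hosts themselves.

```sh
# Added example, not from the thread: audit iptables-save text for a port forward.
# usage: iptables-save | check_dnat PUBLIC_IP PORT BACKEND_IP  (exit status = failed checks)
check_dnat() {
    awk -v pub="$1" -v port="$2" -v be="$3" '
    function report(key, what, sev) {
        if (key in seen) { print "OK   " key ": " what; return 0 }
        print sev " " key ": missing, " what
        return (sev == "FAIL")
    }
    /^\*/ { table = substr($0, 2); next }                 # "*nat", "*filter"
    /^:/  { policy[table "/" substr($1, 2)] = $2; next }  # ":FORWARD ACCEPT [0:0]"
    /^-A/ {
        dst = dport = target = to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") { dst = $(i + 1); sub(/\/32$/, "", dst) }
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--to-destination") { to = $(i + 1); sub(/:.*$/, "", to) }
        }
        if (table == "nat" && target == "DNAT" && dst == pub && dport == port && to == be)
            seen[$2] = 1    # $2 is the chain: PREROUTING or OUTPUT
        # FORWARD is evaluated after DNAT, so it sees the backend address.
        if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" && dst == be)
            seen["FORWARD"] = 1
    }
    END {
        # Simplification: rule order and negated matches are not modelled.
        if (policy["filter/FORWARD"] == "ACCEPT") seen["FORWARD"] = 1
        fails  = report("PREROUTING", "DNAT for clients on other hosts", "FAIL")
        fails += report("FORWARD", "filter table passes the rewritten packet", "FAIL")
        report("OUTPUT", "DNAT for connections opened on the NAT box itself", "WARN")
        exit fails
    }'
}
# Constructed, trimmed sample modelled on the listings in the thread.
sample_as_posted() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.30.142.12/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 10.30.143.1
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 10.30.142.12/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
# Constructed: the same state with the DNAT rule from the original script in place.
sample_with_dnat() { sample_as_posted | sed 's|^-A POSTROUTING.*|-A PREROUTING -d 10.30.142.12/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.30.143.1|'; }
sample_as_posted | check_dnat 10.30.142.12 80 10.30.143.1 || true
```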




      





  
