
iptables natting



Hi folks,

I've got a bit of a problem with setting up forwarding on my firewall and I 
can't seem to figure out what I am doing wrong.

I have a tomcat server running on port 8080 on a machine in my network. I have 
set up the following rules so that the outside world can get to it:

iptables -A FORWARD -i eth0 -o eth1 -d 192.168.0.10 -p tcp -j ACCEPT

iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 192.168.0.10

The outside world can now contact that machine on port 8080 (I don't like the 
forwarding rule that much, it feels too "open". I tried to restrict it to just 
port 8080 with the --dport option but it would seem you can't use that on the 
forward table).

Anyway, this natting / forwarding is in place because I am developing against 
another server which needs to contact me at one point. At the end of the 
process the server sends a redirect to a web browser but the redirect always 
fails on my machine. That's not very clear, so here is the course of events:

1) client (me) is at my website
2) client is redirected by my website to other website
3) other website contacts my server (this is fine, so forwarding / natting is 
working)
4) other website redirects client back to my server
5) ...... nothing happens ......

I do get a bunch of these appearing in the log, but adding a forwarding rule that 
lets this through doesn't solve the problem.

Jul 12 13:33:44 server kernel: IN=eth1 OUT=eth1 SRC=192.168.0.10 
DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=31478 DF PROTO=TCP 
SPT=46062 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0

I think the problem is that the redirect is to my public IP address and I am 
on a machine inside the network. I'm pretty sure that if I was outside the 
network this would work fine.

Thanks for any help.

-- 

 .¸¸.·´¯`·.¸¸.·´¯`· Shallow Sea Aquatics .¸¸.·´¯`·.¸¸.·´¯`·
 .¸¸.·´¯`·.¸¸.·´¯ http://www.shallowsea.com ¸.·´¯`·.¸¸.·´¯`
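The logged packet above has already been through DNAT (DST is the internal server, not the public address), and it arrives and leaves on eth1 with identical SRC and DST. That is the "hairpin" case: a LAN host connecting to the firewall's public address. The server answers that SYN directly, with its own internal address as source, so the client's TCP stack sees a reply from an address it never connected to and drops it. The usual fix is to also source-NAT the hairpin flow so the reply returns via the firewall. The script below is an added example, not the poster's configuration: interface names, the public address (an RFC 5737 documentation address as a placeholder) and the LAN subnet are assumptions; the server address and port come from the post. It also restricts the FORWARD rule to the one port, which iptables accepts as long as the rule specifies -p tcp, and only admits NEW connections on that port plus tracked return traffic.

```shell
#!/bin/sh
# Added example (not the poster's rules): port forward for a web server plus
# the "hairpin" rules needed when a LAN host (here the server itself) connects
# to the firewall's public address. Interface names, the public address and
# the LAN subnet are assumptions; adjust them for your network.
WAN_IF="${WAN_IF:-eth0}"                # assumed: interface facing the Internet
LAN_IF="${LAN_IF:-eth1}"                # assumed: interface facing the LAN
PUBLIC_IP="${PUBLIC_IP:-203.0.113.5}"   # placeholder public address (RFC 5737)
LAN_NET="${LAN_NET:-192.168.0.0/24}"    # assumed LAN subnet
SERVER="${SERVER:-192.168.0.10}"        # internal web server from the post
PORT="${PORT:-8080}"                    # forwarded TCP port from the post

# Dry run by default: the iptables commands are printed, not executed.
# Run with IPT=iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"

# nat table: rewrite the destination for traffic arriving from the WAN, and
# for LAN traffic addressed to the public IP (hairpin). MASQUERADE on the
# hairpin flow makes the server's replies return through the firewall instead
# of going straight back to the client with the wrong source address.
nat_rules() {
  $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$PORT" \
       -j DNAT --to-destination "$SERVER"
  $IPT -t nat -A PREROUTING -i "$LAN_IF" -d "$PUBLIC_IP" -p tcp --dport "$PORT" \
       -j DNAT --to-destination "$SERVER"
  $IPT -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$SERVER" \
       -p tcp --dport "$PORT" -j MASQUERADE
}

# filter table: accept return traffic of tracked connections, then only NEW
# connections to the one forwarded port, both from the WAN and for the
# hairpin path (in and out on the LAN interface). --dport is valid in
# FORWARD because each rule also specifies -p tcp.
forward_rules() {
  $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$SERVER" -p tcp --dport "$PORT" \
       -m conntrack --ctstate NEW -j ACCEPT
  $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$SERVER" -p tcp --dport "$PORT" \
       -m conntrack --ctstate NEW -j ACCEPT
}

nat_rules
forward_rules
```

Run it as-is to review the rules it would install; `IPT=iptables sh hairpin.sh` applies them. The poster's `-I PREROUTING` inserted at the top of the chain; `-A` appends, so if these are added to an existing rule set, check with `iptables -t nat -L PREROUTING -n --line-numbers` that no earlier rule already matches the traffic.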


