[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

iptables natting

Hi folks,

I've got a bit of a problem with setting up forwarding on my firewall and I 
can't seem to figure out what I am doing wrong.

I have a tomcat server running on port 8080 on a machine in my network. I have 
set up the following rules so that the outside world can get to it:

iptables -A FORWARD -i eth0 -o eth1 -d -p tcp -j ACCEPT

iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT 

the outside world can now contact that machine on port 8080 (I don't like the 
forwarding rule that much it feels to "open" I tried to restricted it to just 
port 8080 with the --dport option but it would seem you can't use that on the 
forward table).

Anyway, this natting / forwarding is in place because I am developing against 
another server which needs to contact me at one point. At the end of the 
process the server sends a redirect to a web browser but the redirect always 
fails on my machine. That's not very clear so here is the course of events

1)client (me) is at my website
2)client is redirected by my website to other website
3)other website contacts my server (this is fine so forwarding / natting is 
4)other website redirects client back to my server
5)...... nothing happens ...... 

I do get a bunch of these appear in the log but adding a forwarding rule that 
lets this through doesn't solve the problem.

Jul 12 13:33:44 server kernel: IN=eth1 OUT=eth1 SRC= 
DST= LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=31478 DF PROTO=TCP 
SPT=46062 DPT=8080 WINDOW=5840 RES=0x00 SYN URGP=0

I think the problem is that the redirect is to my public IP address and I am 
on a machine inside the network. I'm pretty sure that if I was outside the 
network this would work fine.

Thanks for any help.


 .¸¸.·´¯`·.¸¸.·´¯`· Shallow Sea Aquatics .¸¸.·´¯`·.¸¸.·´¯`·
 .¸¸.·´¯`·.¸¸.·´¯ http://www.shallowsea.com ¸.·´¯`·.¸¸.·´¯`

Reply to: