Hi Alex
Thank you for your suggestion, I have just tried this but the result
is the same:
from the Linux box a wget gives me a connection refused and from
outside the network I get a connection timed out??
GX
Alex Harsch <(E-Mail Removed)> wrote in message news:<c87a0u$1h9d$(E-Mail Removed)>...
> GX wrote:
>
> > I'm using IPTABLES on Red Hat Linux 8. Below is the output of iptables-save.
> > I'm using the following configuration:
> >
> > Linux box with 2 NICs:
> > eth1 External interface ADSL Internet connection
> > eth0 Internal LAN connection ip: 192.168.1.1
> > DHCP server
> >
> > I am not too clued up on IPTABLES and found a script which has served
> > me fine for the past year.
> > However, recently I require a Windows machine (192.168.1.8) on the
> > internal network to serve as a webserver.
> > I have tried for the past week with no positive results. Usually I
> > just get a connection refused when trying to connect on port
> > 1.2.3.4:80 either with telnet or a web browser.
> > With other configurations (i.e. postrouting snat) browsing from the
> > Windows machine doesn't work either.
> >
> > Bearing in mind that the Linux box does DHCP and masquerading for the
> > Windows box, I need a solution to forward all requests to the Linux box
> > onto the Windows machine.
> > I have even tried using the ProxyPass directive in Apache, which did
> > not work; however, I prefer to use IPTABLES as it is more correct (not
> > dependent on Apache).
> >
> > If I try either wget or telnet from the Linux box to the Windows box it
> > works.
> >
> > I am looking for a solution that I can browse my URL from either the
> > internal network or the internet and the result is that I see the
> > webpage hosted on the windows box.
> >
> > Any help will be much appreciated.
> >
> >
> > [root@gxlinux gx]# /sbin/iptables-save
> > # Generated by iptables-save v1.2.6a on Sun May 16 09:54:24 2004
> > *mangle
> > :PREROUTING ACCEPT [53952:19002123]
> > :INPUT ACCEPT [26383:16423305]
> > :FORWARD ACCEPT [27569:2578818]
> > :OUTPUT ACCEPT [21588:2504709]
> > :POSTROUTING ACCEPT [49058:5076328]
> > COMMIT
> > # Completed on Sun May 16 09:54:24 2004
> > # Generated by iptables-save v1.2.6a on Sun May 16 09:54:24 2004
> > *nat
> > :PREROUTING ACCEPT [81:6321]
> > :POSTROUTING ACCEPT [0:0]
> > :OUTPUT ACCEPT [14:833]
> > -A PREROUTING -d 1.2.3.4 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.8:80
> > -A POSTROUTING -o eth1 -j MASQUERADE
> > COMMIT
> > # Completed on Sun May 16 09:54:24 2004
> > # Generated by iptables-save v1.2.6a on Sun May 16 09:54:24 2004
> > *filter
> > :INPUT DROP [0:0]
> > :FORWARD ACCEPT [933:340320]
> > :OUTPUT ACCEPT [355:111660]
> > :badflags - [0:0]
> > :dropwall - [0:0]
> > :firewall - [0:0]
> > :silent - [0:0]
> > -A INPUT -i lo -j ACCEPT
> > -A INPUT -s 192.168.1.0/255.255.255.128 -j ACCEPT
> > -A INPUT -i eth1 -p tcp -m tcp -m multiport --dports http,ftp-data,ftp,telnet,https,5222,5269,10000 -j ACCEPT
> > -A INPUT -i eth1 -p tcp -m tcp --dport 8000:9000 -j ACCEPT
> > -A INPUT -i eth1 -p udp -m multiport --dports ftp-data,ftp -m udp -j ACCEPT
> > -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j badflags
> > -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j badflags
> > -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j badflags
> > -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j badflags
> > -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j badflags
> > -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j badflags
> > -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
> > -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
> > -A INPUT -p icmp -j firewall
> > -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> > -A INPUT -p udp -m udp --sport 137 --dport 137 -j silent
> > -A INPUT -j dropwall
> > -A FORWARD -i eth1 -m state --state INVALID,NEW -j DROP
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Deleting this line should solve the problem.
> Regards, Alex.
> > -A badflags -m limit --limit 15/min -j LOG --log-prefix "Badflags:"
> > -A badflags -j DROP
> > -A dropwall -m limit --limit 15/min -j LOG --log-prefix "Dropwall:"
> > -A dropwall -j DROP
> > -A firewall -m limit --limit 15/min -j LOG --log-prefix "Firewall:"
> > -A firewall -j DROP
> > -A silent -j DROP
> > COMMIT
> > # Completed on Sun May 16 09:54:24 2004
> > [root@gxlinux gx]#
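
An added example, not part of either post: a small Python check that traces a NEW TCP connection to 1.2.3.4:80 through the nat and filter rules quoted above, for the three origins tried in the thread (Internet side, LAN side, the firewall host itself). The parser and the `trace` helper are hypothetical, the ruleset is a constructed excerpt of the quoted dump, and filter matching is simplified to `-i`, `--state` and `-j`.

```python
import shlex

# Constructed excerpt of the quoted iptables-save output, wrapped lines rejoined.
RULESET = """\
*nat
-A PREROUTING -d 1.2.3.4 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.8:80
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [933:340320]
-A FORWARD -i eth1 -m state --state INVALID,NEW -j DROP
COMMIT
"""

def parse(text):
    """Return ({(table, chain): [option dict per rule]}, {(table, chain): policy})."""
    rules, policy, table = {}, {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, pol = line[1:].split()[:2]
            policy[(table, chain)] = pol
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            rules.setdefault((table, tok[1]), []).append(opts)
    return rules, policy

def trace(rules, policy, in_if, dst, dport, local=False):
    """Return (DNAT target or None, filter verdict or None) for a NEW TCP connection.
    Locally generated packets traverse nat OUTPUT, never nat PREROUTING."""
    nat_chain, flt_chain = ("OUTPUT", "OUTPUT") if local else ("PREROUTING", "FORWARD")
    target = None
    for r in rules.get(("nat", nat_chain), []):
        if (r.get("-j") == "DNAT" and r.get("-d", dst) == dst and r.get("-i", in_if) == in_if
                and r.get("--dport", str(dport)) == str(dport)):
            target = r["--to-destination"]
            break
    if target is None:
        return None, None  # no DNAT: the packet stays addressed to the firewall host
    for r in rules.get(("filter", flt_chain), []):  # first terminating match wins
        new_ok = "NEW" in r.get("--state", "NEW").split(",")
        if r.get("-i", in_if) == in_if and new_ok and r.get("-j") in ("ACCEPT", "DROP"):
            return target, r["-j"]
    return target, policy.get(("filter", flt_chain), "ACCEPT")

if __name__ == "__main__":
    rules, policy = parse(RULESET)
    for label, in_if, local in (("internet/eth1", "eth1", False), ("LAN/eth0", "eth0", False), ("firewall host", None, True)):
        print(label, trace(rules, policy, in_if, "1.2.3.4", 80, local))
```

Only the eth1 path is rewritten by the quoted DNAT rule; connections arriving on eth0 or generated on the firewall host never match it, so they are answered by whatever listens on port 80 of the Linux box itself.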