Forwarding http requests through firewall


Can anyone help with this? I have a home network. This is connected to the
Internet through one machine that is connected to a WiMax system. That
machine (let's call it PC1) is running SuSEfirewall2. Another machine (PC2)
on the network is running Apache, and I want this to be world-reachable, so
I need to forward http requests arriving at PC1 to PC2. But I can't get it
to work. Help would be appreciated.

Here are the details:

PC1 has two NICs:
  - eth0 has static IP and is connected to the LAN via a hub.
  - eth1 has static IP 84.xx.xx.xx (ie, reachable from the Internet) and is
connected to the Wi-Max box.
This PC is running SuSEfirewall2 which is configured with port 80 open (I've
tested this by running Apache temporarily on the machine and it was
reachable from the Internet. Apache has since been disabled).

PC2 has static IP and is running Apache listening on port 80.

I have the current startup script:


/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# FWD: Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i $EXTIF -o $INTIF -m state \
    --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP

This allows other machines on the network to use as their
gateway. That's all working fine. But I want to be able to route all
incoming http requests to PC2. I tried this, but it doesn't seem to work:

iptables -t nat -A PREROUTING -p tcp -i $EXTIF -d $EXTIP \
    --dport 80 -j DNAT --to $WEBSERVER:80
iptables -A FORWARD -p tcp -d $WEBSERVER --dport 80 -j ACCEPT

When I try to access http://84.xx.xx.xx from outside the network I get a
message that the server couldn't be found.

Any thoughts?
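
An added example, not part of the original post: a shell function that reads `iptables-save` output and lists every DNAT target that no FORWARD rule accepts by destination and port, which is the pairing the PREROUTING and FORWARD rules in the post rely on. The addresses (203.0.113.10, 192.168.1.2), the interface roles and both function names are constructed for illustration.

```shell
# Added example: list DNAT targets that no FORWARD rule explicitly accepts.
# Reads iptables-save output on stdin, prints ip:port per gap, returns 1 if any.
# Assumption: the accept names the target with -d and --dport, as in the post;
# broader accepts and jumps to user-defined chains are not followed.
dnat_without_forward() {
    awk '
    /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter": table header
    $1 != "-A" { next }                     # skip chain policies and COMMIT
    {
        dst = ""; dport = ""; jump = ""; to = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") dst = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
            else if ($i == "--to-destination") to = $(i + 1)
        }
        sub(/\/32$/, "", dst)               # iptables-save prints hosts as /32
        if (table == "nat" && $2 == "PREROUTING" && jump == "DNAT") {
            if (to !~ /:/) to = to ":" dport   # no port rewrite: port is kept
            dnat[to] = 1
        }
        if (table == "filter" && $2 == "FORWARD" && jump == "ACCEPT" &&
            dst != "" && dport != "")
            allowed[dst ":" dport] = 1
    }
    END {
        for (t in dnat) if (!(t in allowed)) { print t; missing = 1 }
        exit (missing ? 1 : 0)
    }'
}

# Constructed ruleset (eth1 external, eth0 LAN), not taken from the post.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
-A POSTROUTING -o eth1 -j SNAT --to-source 203.0.113.10
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
# On the gateway itself: iptables-save | dnat_without_forward
sample_ruleset | dnat_without_forward && echo "every DNAT target is accepted in FORWARD"
```

An empty result only shows the two rules agree; it does not show that packets reach the PREROUTING rule, which the counters in `iptables -t nat -L PREROUTING -v -n` do.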
