Do you have a question? Post it now! No Registration Necessary. Now with pictures!
November 20, 2005, 9:39 am
rate this thread
Internet through one machine that is connected to a WiMax system. That
machine (let's call it PC1) is running SuSEfirewall2. Another machine (PC2)
on the network is running Apache, and I want this to be world-reachable, so
I need to forward http requests arriving at PC1 to PC2. But I can't get it
to work. Help would be appreciated.
Here are the details:
PC1 has two NICs:
- eth0 has static IP 192.168.0.10 and is connected to the LAN via a hub.
- eth1 has static IP 84.xx.xx.xx (ie, reachable from the Internet) and is
connected to the Wi-Max box.
This PC is running SuSEfirewall2 which is configured with port 80 open (I've
tested this by running Apache temporarily on the machine and it was
reachable from the Internet. Apache has since been disabled).
PC2 has static IP 192.168.0.2 and is running Apache listening on port 80.
I have the current startup script:
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
# FWD: Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i $EXTIF -o $INTIF -m state \
--state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP
This allows other machines on the network to use 192.168.0.10 as their
gateway. That's all working fine. But I want to be able to route all
incoming http requests to PC2. I tried this, but it doesn't seem to work:
iptables -t nat -A PREROUTING -p tcp -i $EXTIF -d $EXTIP \
--dport 80 -j DNAT --to $WEBSERVER:80
iptables -A FORWARD -p tcp -d $WEBSERVER --dport 80 -j ACCEPT
When I try to access http://84.xx.xx.xx from outside the network I get a
message that the server couldn't be found.
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security