Results 1 to 2 of 2

Thread: iptables http forwarding problem

Hybrid View

  1. #1

    iptables http forwarding problem

    I have a Fedora Core 6 server with 3 NICs installed as follows

    eth0 - Network = IP=
    eth1 - Network = IP=
    eth2 - Network = IP=

    I need requests from the clients on the network to access the web server at by using the url http : //

    So far I have iptables configured to allow http requests to be forwarded to the web server but they are not routing back and I appear to have been going round in circles so need some help/advice.

    my iptables file is very basic and is as follows:

    # Generated by iptables-save v1.3.5 on Mon Apr 21 16:51:24 2008
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i eth1 -j ACCEPT
    -A INPUT -i eth2 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A FORWARD -i eth0 -o eth2 -p tcp --dport 80 -j ACCEPT
    :OUTPUT ACCEPT [0:0]
    :dmz - [0:0]
    -A PREROUTING -i eth0 -j dmz
    -A PREROUTING -d -j dmz
    -A OUTPUT -d -j dmz
    -A dmz -p tcp --dport 80 -j DNAT --to-destination
    -A POSTROUTING -s -d -j SNAT --to-source
    using tcpdump on the interface eth2 data can be seen passing through the interface to the web server:
    # tcpdump -i 3 port 80
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes
    19:41:22.535251 IP <SERVER_FQDN>.beacon-port-2 > S 102350687:102350687(0)
    win 65535 <mss 1460,nop,nop,sackOK>
    However it is not being routed back, as indicatd in /proc/net/ip_conntrack

    tcp      6 111 SYN_SENT src= dst= sport=4405 dport=80 packets=1 
    bytes=48 [UNREPLIED] src= dst= sport=80 dport=4405 packets=0 bytes=0 
    mark=0 secmark=0 use=1
    Any clues/solutions to this problem most welcome
    Happy to supply further info if needed.

  2. #2
    Resolved - the postrouting masquerade needs to be on eth2 not eth0

    Amend the POSTROUTING line as follows


Similar Threads

  1. iptables, forwarding between interfaces
    By yates in forum Linux - Hardware, Networking & Security
    Replies: 0
    Last Post: 12-07-2012, 04:01 PM
  2. linux firewall, iptables forwarding problem
    By weiwei in forum Redhat / Fedora
    Replies: 1
    Last Post: 05-29-2011, 04:58 PM
  3. How to forward local HTTP requests to remote Proxy with IPTables ?
    By asdamha in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 05-12-2011, 11:51 AM
  4. allowing incoming http requests-iptables-red hat 9.0
    By s_hcl in forum Linux - Software, Applications & Programming
    Replies: 25
    Last Post: 08-24-2006, 05:52 AM
  5. Port Forwarding IPTABLES Script
    By Coral_Sea in forum Programming
    Replies: 0
    Last Post: 10-08-2002, 10:56 PM


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts