Nailz
06-09-2003, 10:58 AM
Ok. I hate to rehash an already popular topic, but I'm just not getting it....
I have a cable modem (dynamic IP) which is going to my Red Hat 8 box (as my firewall): 1 external NIC (eth0) and 1 internal to my LAN (eth1). I'm running iptables and utilizing gShield to run my firewalling script.
Right now all internal workstations have access to the internet for web browsing, mail, etc. 1 workstation in particular is set aside for DMZ (for work). I just set up another server which I want to run as my Web Server/FTP server on the internal LAN (since I don't want to run that on my Linux firewall).
So far so good, right?
So now I ran the command
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.3
But once I did this not only could I not hit my website (which is viewable from the internal network), but the other PC's on my LAN couldn't browse the web. Same thing happened if I tried using port 8000 by the way.
**Note: I used my DMZ machine to VPN into work and tried to hit my external IP address. I was expecting it to forward to my internal webserver.
3 things:
- Why is my port forwarding not working?
- Why did that affect my internal PCs' web viewing? (I thought they should remain unaffected by this forward).
- What is the default file for all iptables information? Can I manually edit this if needed?
Thanks
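The rule in the post is only the first of the pieces a port forward needs on a two-NIC firewall: a DNAT in PREROUTING rewrites the destination, but the packet is then dropped unless FORWARD accepts it, and LAN clients that reach the public address from the inside need a second DNAT plus a source NAT (hairpin) so the web server's replies come back through the firewall. The script below is an added example, not code from the post or from gShield; the interface names and the 192.168.0.3 server are taken from the post, while the 192.168.0.0/24 LAN and the 203.0.113.10 public address used in print mode are constructed placeholders (in apply mode the address is read from eth0). Run it with no argument to review the generated rule set, or as root with `apply` to install it.

```shell
#!/bin/sh
# Added example (not from the original post or gShield): the full rule set
# behind a DNAT port forward on a Linux firewall with one WAN and one LAN NIC.
# Assumptions: eth0/eth1 and the web server 192.168.0.3 come from the post;
# the LAN prefix and the placeholder public address are constructed here.

WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.0.0/24
WEB_IP=192.168.0.3
WEB_PORT=80
PUBLIC_IP=${PUBLIC_IP:-203.0.113.10}   # placeholder for print mode only

# fw_rules WAN LAN LAN_NET PUBLIC_IP WEB_IP PORT
# Prints the rules rather than running them, so the set can be reviewed or
# diffed against what the gShield script installs before it is applied.
fw_rules() {
    wan=$1; lan=$2; net=$3; pub=$4; web=$5; port=$6
    cat <<EOF
# Forwarded traffic is dropped unless a rule below allows it.
iptables -P FORWARD DROP
# Replies of connections the firewall already knows, in either direction.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# 1. Inbound on the WAN side: rewrite the destination to the LAN web server.
iptables -t nat -A PREROUTING -i $wan -p tcp --dport $port -j DNAT --to-destination $web:$port
# 2. The DNAT alone does nothing if FORWARD drops the packet: allow exactly
#    that host and port, nothing else from the outside.
iptables -A FORWARD -i $wan -o $lan -p tcp -d $web --dport $port -m state --state NEW -j ACCEPT
# 3. LAN clients may open connections outward (and, for the hairpin case
#    below, back into the LAN); outbound packets get the dynamic WAN address.
iptables -A FORWARD -i $lan -s $net -m state --state NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
# 4. Hairpin: a LAN client that connects to the PUBLIC address must also be
#    DNATed; matching -d $pub keeps ordinary LAN web browsing untouched. Its
#    source is rewritten too, or the server would answer the client directly
#    with its LAN address and the client would discard the unexpected reply.
iptables -t nat -A PREROUTING -i $lan -s $net -d $pub -p tcp --dport $port -j DNAT --to-destination $web:$port
iptables -t nat -A POSTROUTING -o $lan -s $net -d $web -p tcp --dport $port -j MASQUERADE
EOF
}

# apply_rules: enable routing, read the real WAN address and install the set.
# Must run as root; stops at the first rule iptables rejects.
apply_rules() {
    pub=$(ip -4 -o addr show dev "$WAN_IF" | awk '{print $4}' | cut -d/ -f1)
    [ -n "$pub" ] || { echo "no IPv4 address on $WAN_IF" >&2; return 1; }
    echo 1 > /proc/sys/net/ipv4/ip_forward
    fw_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" "$pub" "$WEB_IP" "$WEB_PORT" | sh -e
}

case "${1:-print}" in
    apply) apply_rules ;;
    *) fw_rules "$WAN_IF" "$LAN_IF" "$LAN_NET" "$PUBLIC_IP" "$WEB_IP" "$WEB_PORT" ;;
esac
```

On Red Hat the running rule set is what `iptables-save` prints; `service iptables save` writes it to /etc/sysconfig/iptables, which is reloaded at boot. A firewall script such as gShield's reinstalls its own rules when it runs, so a rule added by hand survives only if it is merged into that script (or into the saved file) rather than typed once at the prompt.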