[TriLUG] Iptable problem

jeffj at ro.com jeffj at ro.com
Sun Mar 17 07:35:14 EST 2002


"Jeri C. Gloege" <gloege at metalab.unc.edu> said the following on the auspicious date of 02-03-16:

>I have a box set up as a simple firewall doing NAT and also running 
>apache.  It is doing vhosts on one of the outside addresses.  Everything 
>works except people inside the network cannot access anything I have 
>locally running.  The packets aren't dropped - they just seem to vanish. 
>The default policy on every table is accept except forward:

>Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target     prot opt in     out     source               destination
>60241 9906K ACCEPT     all  --  any    any     anywhere             anywhere           state RELATED,ESTABLISHED
>  361 18321 ACCEPT     all  --  eth0   any     192.168.0.0/24       anywhere           state NEW

>(Needless to say eth0 is internal lan)

>Chain POSTROUTING (policy ACCEPT 591 packets, 37808 bytes)
> pkts bytes target     prot opt in     out     source               destination
>  465 41285 MASQUERADE  all  --  any    any     192.168.0.0/24       anywhere


>That is it for rules.  Now, if I sniff on eth0 I see the incoming syn 
>packets for the webserver but no replies.  HELP!  I am clueless as to why
>this is not working.

Is the webserver actually getting a request? If it is and if it is trying to respond to the request, I think what may be happening is that masquerading is causing confusion. NAT could be happening to the LAN packets destined for the server, but when the server tries to reply it does so directly to the machine that generated the request, skipping NAT.

If that seems to be occurring (I could be entirely wrong), then check out sections 6.3 and 10 of the NAT howto which propose possible solutions:

http://netfilter.samba.org/documentation/HOWTO//NAT-HOWTO.html

I hope that helps!

>Beer next time I am in NC for whomever gets me a solve.  I have got to
>get this sucker fixed asap!


--------------------------------------------------
MS Windows -- An entomologist's dream

Jeff Jackowski      http://ro.com/~jeffj/
"Luncheon meats make the sawdust in your stomach
 explode."          -- Crow T. Robot
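The asymmetric path Jeff describes (LAN client reaches the server via the firewall's public address, server replies straight to the client, bypassing NAT) is usually fixed with a DNAT rule paired with an SNAT rule so the reply is forced back through the firewall. The script below is an added example, not code from the thread or from the NAT HOWTO; it assumes the web server is a separate LAN host (WEB_IP), a public address in the documentation range (PUB_IP) and the firewall's own LAN address (FW_LAN_IP), with eth0 and 192.168.0.0/24 taken from the original post. It prints the commands by default (DRY_RUN=1) so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the original thread): iptables rules for the
# "NAT loopback" case, where LAN clients reach a web server through the
# firewall's public address and the server's replies must come back via
# the firewall's NAT instead of going directly to the client.
# Interface and network come from the thread; the three IPs are assumptions.

LAN_IF="eth0"                 # internal interface (from the thread)
LAN_NET="192.168.0.0/24"      # internal network (from the thread)
PUB_IP="198.51.100.10"        # firewall's public address (assumed)
WEB_IP="192.168.0.2"          # internal address of the web server (assumed)
FW_LAN_IP="192.168.0.1"       # firewall's own LAN address (assumed)

# Print the rules instead of applying them; set DRY_RUN=0 to apply as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit the rules that make the hairpin work:
#  1. DNAT: LAN packets addressed to the public IP are rewritten to the server.
#  2. SNAT: those same packets get the firewall's LAN address as source, so the
#     server's reply returns to the firewall (which reverses both translations)
#     rather than going straight to the client, which would see an unexpected
#     source address and drop the reply.
#  3. FORWARD: the thread's chain only accepts NEW connections arriving on eth0;
#     the hairpinned packet also leaves on eth0, so allow that explicitly.
hairpin_rules() {
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -d "$PUB_IP" \
        -p tcp --dport 80 -j DNAT --to-destination "$WEB_IP"
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$WEB_IP" \
        -p tcp --dport 80 -j SNAT --to-source "$FW_LAN_IP"
    run iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$WEB_IP" \
        -p tcp --dport 80 -m state --state NEW -j ACCEPT
}

# Number of rules the script would apply; a quick self-check for dry runs.
hairpin_rule_count() {
    DRY_RUN=1
    hairpin_rules | wc -l | tr -d ' '
}

hairpin_rules
```

Keeping the SNAT rule narrow (only traffic already DNATed to WEB_IP on port 80) means the server still sees real client addresses for every other connection; only the hairpinned ones show up in its logs as coming from the firewall, which is worth knowing when reading access logs later.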