I need a little help. I have a firewall with 2 IP addresses using eth0:1 for the second IP. I also have an Apache web server running a virtual domain on port 8080. It also uses eth0:1 to address 192.168.0.20.

In my rules file I have the following entry to point to the virtual server:

DNAT net loc:192.168.0.11 tcp 8080 80 63.xxx.xxx.215

Unfortunately, when I try to address this server, it loads the main web page at port 80.

Any thoughts?

Thanks;
Mike
Mike Oroza wrote:
> I need a little help. I have a firewall with 2 IP addresses using
> eth0:1 for the second IP. I also have an Apache web server running a
> virtual domain on port 8080. It also uses eth0:1 to address 192.168.0.20.
>
> In my rules file I have the following entry to point to the virtual server:
>
> DNAT net loc:192.168.0.11 tcp 8080 80 63.xxx.xxx.215
>
> Unfortunately, when I try to address this server, it loads the main web
> page at port 80.
>
> Any thoughts?

Yes -- your rule says: When the firewall receives a TCP connection request for destination port 8080 with source port 80 and destination IP address 63.xxx.xxx.215 then that request should be redirected to port 8080 at local IP address 192.168.0.11.

Since no Browser on earth uses low ports like 80 as its local port number, the rule is nonsense.

From your post, I can't tell what rule you need but the one you have is obviously wrong. If you can give us more information, we'll try to direct you toward the correct rule.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Mike Oroza wrote:
> I did try using:
>
> DNAT net loc:192.168.0.11 tcp 8080 - 63.xxx.xxx.215
>
> That didn't work either.
>
> What information am I missing?

What is the IP address of the system where the server runs (192.168.0.11 maybe)?

What port is that server listening on?

What IP address on the firewall do you want to use (I assume the fabled 63.xxx.xxx.215 even though we know from your SMTP headers that the address is something else)?

What Port on the Firewall do you want external clients to connect to?

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep wrote:
> Mike Oroza wrote:
>> I did try using:
>>
>> DNAT net loc:192.168.0.11 tcp 8080 - 63.xxx.xxx.215
>>
>> That didn't work either.
>>
>> What information am I missing?
>
> What is the IP address of the system where the server runs (192.168.0.11
> maybe)?
>
> What port is that server listening on?
>
> What IP address on the firewall do you want to use (I assume the fabled
> 63.xxx.xxx.215 even though we know from your SMTP headers that the
> address is something else)?
>
> What Port on the Firewall do you want external clients to connect to?

Well I didn't realize that these questions would take so long to answer. I'm going to go watch the World Series game but if the answers to the four questions are W, X, Y and Z respectively then the rule you want is:

DNAT net loc:W:X tcp Z - Y

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
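As an added example (not code from this thread or from Shorewall itself), here is a small Python parser for the legacy rules column layout used above (ACTION SOURCE DEST PROTO DEST PORT SOURCE PORT ORIGINAL DEST). It spells out what each of the three rules in the thread matches and where the connection is forwarded, and flags a well-known port in the SOURCE PORT column, the mistake Tom points out. The values 192.168.0.11, 8080 and 80 substituted into the W/X/Y/Z template are assumed for illustration.

```python
# Added example: parse legacy Shorewall 'rules' DNAT lines and describe them.
# Column layout assumed: ACTION SOURCE DEST PROTO DEST_PORT SOURCE_PORT ORIGINAL_DEST
from dataclasses import dataclass
from typing import Optional


@dataclass
class DnatRule:
    zone_from: str
    server_ip: str
    server_port: Optional[str]     # port after the second colon in DEST, if any
    proto: str
    dport: Optional[str]           # DEST PORT column ('-' means any)
    sport: Optional[str]           # SOURCE PORT column ('-' means any)
    original_dest: Optional[str]   # ORIGINAL DEST column (address on the firewall)


def _opt(value: str) -> Optional[str]:
    """Map the '-' placeholder (or an empty field) to None."""
    return None if value in ("-", "") else value


def parse_dnat(line: str) -> DnatRule:
    cols = line.split()
    if len(cols) < 4 or cols[0] != "DNAT":
        raise ValueError("not a DNAT rule: %r" % line)
    cols += ["-"] * (7 - len(cols))            # pad the optional trailing columns
    _zone, rest = cols[2].split(":", 1)        # e.g. loc:192.168.0.11:8080
    ip, _, port = rest.partition(":")
    return DnatRule(cols[1], ip, _opt(port), cols[3],
                    _opt(cols[4]), _opt(cols[5]), _opt(cols[6]))


def explain(rule: DnatRule) -> dict:
    """Describe what the rule matches and where the connection ends up."""
    # Without a port in DEST the destination port is left unchanged.
    final_port = rule.server_port or rule.dport or "any"
    warnings = []
    # Clients pick ephemeral source ports, so a well-known port in the
    # SOURCE PORT column never matches real browser traffic.
    if rule.sport and rule.sport.isdigit() and int(rule.sport) < 1024:
        warnings.append("source port %s will not match client traffic" % rule.sport)
    return {
        "match": "%s to %s:%s from source port %s" % (
            rule.proto, rule.original_dest or "any address",
            rule.dport or "any", rule.sport or "any"),
        "forward_to": "%s:%s" % (rule.server_ip, final_port),
        "warnings": warnings,
    }
```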