On Fri, 2005-08-26 at 22:42 -0700, BIJU KRISHNAN wrote:
Dear Luggers,
I need some help on iptables
----------------- Req -----------------------------
The setup is as shown:

 C
 l
 i          [192.168.109.40]
 e  ---->eth0          eth1--------> SunServer [internet]
 n          [192.168.111.40]         listens on 443
 t
 s
The clients can connect only to port 80 of the proxy as the software is designed such.
---------what i've done------------------
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.18.128.177:443
iptables -t nat -A POSTROUTING -p tcp -m tcp --sport 443 -j SNAT --to-source 192.168.111.40
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.109.40
-------- how it works -------------------
There is no daemon listening on port 80 of the proxy.
When I telnet to port 80 of the proxy from one of the clients, I get connected but the connection is not persistent. When I press enter, the connection is lost.

# telnet 192.168.111.40 80
Trying 192.168.111.40...
Connected to 192.168.111.40.
Escape character is '^]'.
^]
telnet>
Why do you have the second rule? It is forcing the replies to the clients' packets to go out with source port 443 instead of source port 80. (Since client packets are sent to port 80, replies should also come from port 80.)
Amitay.
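For reference, here is a complete rule set for the port-80 to port-443 relay described in the thread, written as an added example rather than code from either poster. It keeps the DNAT rule and the interface-based SNAT from the original post, drops the `--sport 443` SNAT rule, and adds the two pieces the post does not show but that such a relay needs on a Linux router: IP forwarding and FORWARD-chain rules for both directions. Addresses and interface names are taken from the post; the `DRY_RUN` switch and the `run` wrapper are conveniences of this example (it prints the commands instead of applying them unless `DRY_RUN=0` is set and it is run as root).

```shell
#!/bin/sh
# Added example, not the poster's configuration. Values below are taken from
# the thread; anything not there (DRY_RUN, run) is this example's own device.
IN_IF=eth0                 # client-facing interface (from the post)
OUT_IF=eth1                # interface towards the SunServer (from the post)
SNAT_OUT=192.168.109.40    # source address used towards the server (from the post)
SERVER=192.18.128.177      # DNAT target from the post
SERVER_PORT=443

# Print the command in dry-run mode (default), execute it otherwise.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

apply_rules() {
    # The router must forward packets at all, or a PREROUTING DNAT goes nowhere.
    run sysctl -w net.ipv4.ip_forward=1

    # 1. Rewrite client connections aimed at the proxy's port 80 into server:443.
    #    The nat table only sees the first packet of a connection; connection
    #    tracking reverses this mapping on the replies, so no rule keyed on
    #    "--sport 443" is needed for the return traffic.
    run iptables -t nat -A PREROUTING -i "$IN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$SERVER:$SERVER_PORT"

    # 2. Source-NAT everything leaving towards the server so its replies
    #    come back to this box instead of going straight to the client.
    run iptables -t nat -A POSTROUTING -o "$OUT_IF" -j SNAT --to-source "$SNAT_OUT"

    # 3. The FORWARD chain sees the already-DNATed destination, so match the
    #    server address/port there; allow the relay out and its replies back.
    run iptables -A FORWARD -i "$IN_IF" -o "$OUT_IF" -p tcp \
        -d "$SERVER" --dport "$SERVER_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$OUT_IF" -o "$IN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

apply_rules
```

Run it as-is to review the commands it would issue; run `DRY_RUN=0 sh relay.sh` as root to apply them. Everything the clients are allowed to reach is pinned to one server and one port in the FORWARD chain, so the box does not become a general-purpose forwarder for the client network.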