Forwarding http requests through firewall

This is a discussion within the Linux Security forums, part of the System Security and Security Related category.

Old 11-20-2005
Phil

Can anyone help with this? I have a home network. This is connected to the
Internet through one machine that is connected to a WiMax system. That
machine (let's call it PC1) is running SuSEfirewall2. Another machine (PC2)
on the network is running Apache, and I want this to be world-reachable, so
I need to forward http requests arriving at PC1 to PC2. But I can't get it
to work. Help would be appreciated.

Here are the details:

PC1 has two NICs:
- eth0 has static IP 192.168.0.10 and is connected to the LAN via a hub.
- eth1 has static IP 84.xx.xx.xx (i.e., reachable from the Internet) and is
connected to the WiMax box.
This PC is running SuSEfirewall2 which is configured with port 80 open (I've
tested this by running Apache temporarily on the machine and it was
reachable from the Internet. Apache has since been disabled).

PC2 has static IP 192.168.0.2 and is running Apache listening on port 80.

I have the current startup script:

#!/bin/sh
INTIF="eth0"          # LAN side, 192.168.0.10
EXTIF="eth1"          # WiMax / Internet side
EXTIP="84.xx.xx.xx"   # public address on eth1

# Load netfilter, connection tracking and NAT (plus the FTP/IRC helpers)
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc

# Reset the chains: accept traffic to/from PC1 itself, drop anything
# forwarded between interfaces unless a rule below allows it, clear nat
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# FWD: Allow all connections OUT and only existing and related ones IN
iptables -A FORWARD -i $EXTIF -o $INTIF -m state \
--state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Rewrite the source of outbound LAN traffic to the public address
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP

This allows other machines on the network to use 192.168.0.10 as their
gateway. That's all working fine. But I want to be able to route all
incoming http requests to PC2. I tried this, but it doesn't seem to work:

WEBSERVER="192.168.0.2"
# Rewrite the destination of port-80 traffic arriving on eth1 to PC2,
# then allow the rewritten packets through the FORWARD chain
iptables -t nat -A PREROUTING -p tcp -i $EXTIF -d $EXTIP \
--dport 80 -j DNAT --to $WEBSERVER:80
iptables -A FORWARD -p tcp -d $WEBSERVER --dport 80 -j ACCEPT

When I try to access http://84.xx.xx.xx from outside the network I get a
message that the server couldn't be found.

Any thoughts?

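The port-forward described in the post, as an added example that is not Phil's script: the two rules wrapped in functions with a dry-run switch, a check that the kernel actually routes between the interfaces, and the packet counters a troubleshooter would look at first. Interface names and LAN addresses are the ones from the post; 84.0.2.1 is a constructed stand-in for the redacted 84.xx.xx.xx.

```shell
#!/bin/sh
# Added example, not the original poster's script. Interface names and the
# LAN addresses come from the post; 84.0.2.1 is a constructed placeholder
# for the redacted public address and must be replaced on a real PC1.
INTIF="${INTIF:-eth0}"
EXTIF="${EXTIF:-eth1}"
EXTIP="${EXTIP:-84.0.2.1}"
WEBSERVER="${WEBSERVER:-192.168.0.2}"

# With DRY_RUN set, print the exact iptables command instead of running it,
# so the rules can be reviewed before they are loaded.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# DNAT is useless if the kernel does not route between eth0 and eth1. A NAT
# gateway that already works implies this is on, but check rather than assume.
check_prereqs() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ] && return 0
    echo "ip_forward is 0: echo 1 > /proc/sys/net/ipv4/ip_forward" >&2
    return 1
}

# Rewrite the destination of TCP/80 arriving on the external interface to PC2,
# then let the rewritten packets cross the DROP-policy FORWARD chain. Both
# rules are scoped to EXTIF/EXTIP so LAN-side traffic is never redirected.
forward_http() {
    run -t nat -A PREROUTING -i "$EXTIF" -p tcp -d "$EXTIP" --dport 80 \
        -j DNAT --to-destination "$WEBSERVER:80"
    run -A FORWARD -i "$EXTIF" -o "$INTIF" -p tcp -d "$WEBSERVER" --dport 80 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Packet counters show whether requests reach the rules at all: a zero count
# on the PREROUTING rule means the problem is upstream of PC1 (DNS, the WiMax
# box) or the rules are no longer loaded (e.g. SuSEfirewall2 rebuilt the chains).
show_counters() {
    run -t nat -L PREROUTING -n -v
    run -L FORWARD -n -v
}

# Usage: sh forward_http.sh apply    (or DRY_RUN=1 sh forward_http.sh apply)
if [ "${1:-}" = "apply" ]; then
    check_prereqs && forward_http && show_counters
fi
```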