I am preparing a webserver which will work behind a proxy. For this I am using iptables.

The internal proxy address is 192.168.0.12
The external proxy address is 203.199.111.24
The webserver address is 192.168.0.14

The code for iptables is given below. My problem is that the website is working when I access it from the internal network, despite the fact that there is no DNS for any machines except the proxy. But when I access it from outside the network there is no reply.

/* Code in iptables */
PROXY_EXTERNAL=203.199.111.24
PROXY_INTERNAL=192.168.0.12
WEB_ADDR=192.168.0.14
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_INTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_INTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_INTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_INTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_EXTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_EXTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_EXTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_EXTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
=====
Linux is user-friendly, it is just picky who its friends are
If GNU/Linux doesn't have the solution, you have the wrong problem
mailto: varunop@yahoo.com
website: http://varunop.blogspot.com
Unix is very simple, Only it takes a genius to simplify it
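
An added example, not part of the original post: a static check over a rule list shaped like the one above. It reports whether a given service port is forwarded at all, and flags POSTROUTING SNAT rules that match on a destination PREROUTING has already rewritten. It assumes the web server listens on tcp/80, which the post does not state; `audit_nat` is a hypothetical helper and the sample rules are constructed from the post's pattern with the variables expanded.

```shell
#!/bin/sh
# Constructed sample: three rules in the post's pattern, variables expanded.
# Nothing here touches the live firewall; the rules are only parsed as text.
RULES='
iptables -t nat -A PREROUTING --dst 203.199.111.24 -p tcp --dport 21 -j DNAT --to-destination 192.168.0.14:21
iptables -t nat -A PREROUTING --dst 203.199.111.24 -p tcp --dport 20 -j DNAT --to-destination 192.168.0.14:20
iptables -t nat -A POSTROUTING -p tcp --dst 203.199.111.24 --dport 21 -j SNAT --to-source 192.168.0.14:21
'

# audit_nat EXTERNAL_IP SERVICE_PORT  (hypothetical helper; rules on stdin)
audit_nat() {
    awk -v ext="$1" -v port="$2" '
    {
        chain = dst = proto = dport = target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-A") chain = $(i+1)
            else if ($i == "--dst" || $i == "-d") dst = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "-j") target = $(i+1)
        }
        key = dst "/" proto "/" dport
        if (chain == "PREROUTING" && target == "DNAT") {
            dnat[key] = 1
            if (dst == ext && proto == "tcp" && dport == port) forwarded = 1
        }
        # Remember SNAT matches; compare against DNAT matches at the end.
        if (chain == "POSTROUTING" && target == "SNAT") snat[++n] = key
    }
    END {
        if (!forwarded) print "MISSING: no DNAT for " ext " tcp/" port
        # PREROUTING runs before POSTROUTING, so a forwarded packet no longer
        # carries the original destination when the SNAT rule is evaluated.
        for (j = 1; j <= n; j++)
            if (snat[j] in dnat)
                print "DEAD: POSTROUTING SNAT matches " snat[j] ", already rewritten by DNAT"
    }'
}

# Assumption: the web server answers on tcp/80.
printf '%s\n' "$RULES" | audit_nat 203.199.111.24 80
```

The same function can be fed the real rule list, for example the script's `iptables` lines with the variables substituted, to see which external ports are actually forwarded.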