I am preparing a webserver which will work behind a proxy. For this I am using iptables.

The internal proxy address is 192.168.0.12
The external proxy address is 203.199.111.24
The webserver address is 192.168.0.14

The code for iptables is given below. My problem is that the website is working when I access it from the internal network, despite the fact that there is no DNS for any machines except the proxy. But when I access it from outside the network there is no reply.

/* Code in iptables */
PROXY_EXTERNAL=203.199.111.24
PROXY_INTERNAL=192.168.0.12
WEB_ADDR=192.168.0.14
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_INTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A PREROUTING --dst $PROXY_EXTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_INTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_INTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_INTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_INTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_EXTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_EXTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
/sbin/iptables -t nat -A POSTROUTING -p tcp --dst $PROXY_EXTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A POSTROUTING -p udp --dst $PROXY_EXTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_INTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p udp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
/sbin/iptables -t nat -A OUTPUT --dst $PROXY_EXTERNAL -p udp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
=====
Linux is user-friendly, it is just picky who its friends are
If GNU/Linux doesn't have the solution, you have the wrong problem
mailto: varunop@yahoo.com
website: http://varunop.blogspot.com
Unix is very simple, Only it takes a genius to simplify it
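
An added example, not part of the original post: a small Python model of how the nat table's PREROUTING and POSTROUTING chains treat a new connection arriving from outside, run over the TCP rules for $PROXY_EXTERNAL copied from the post. It assumes the web server listens on TCP port 80 (the post does not state the port) and uses a constructed client address, 198.51.100.7; the filter table and IP forwarding are not modelled.

```python
import shlex

# Addresses and the TCP rules for $PROXY_EXTERNAL, copied from the post.
ADDR = {"$PROXY_EXTERNAL": "203.199.111.24", "$PROXY_INTERNAL": "192.168.0.12",
        "$WEB_ADDR": "192.168.0.14"}
RULES = """\
-t nat -A PREROUTING --dst $PROXY_EXTERNAL -p tcp --dport 21 -j DNAT --to-destination $WEB_ADDR:21
-t nat -A PREROUTING --dst $PROXY_EXTERNAL -p tcp --dport 20 -j DNAT --to-destination $WEB_ADDR:20
-t nat -A POSTROUTING -p tcp --dst $PROXY_EXTERNAL --dport 21 -j SNAT --to-source $WEB_ADDR:21
-t nat -A POSTROUTING -p tcp --dst $PROXY_EXTERNAL --dport 20 -j SNAT --to-source $WEB_ADDR:20
"""

def parse(line):
    """Expand the shell variables and turn 'option value' pairs into a dict."""
    for var, ip in ADDR.items():
        line = line.replace(var, ip)
    tok = shlex.split(line)
    return {tok[i].lstrip("-"): tok[i + 1] for i in range(0, len(tok), 2)}

TABLE = [parse(line) for line in RULES.splitlines()]

def trace(src, dst, dport, proto="tcp"):
    """Walk one new connection through nat PREROUTING, then POSTROUTING.

    In each chain the first matching rule wins. POSTROUTING is evaluated
    against the packet as PREROUTING left it, i.e. after any DNAT.
    """
    pkt = {"src": src, "dst": dst, "dport": dport}
    hits = []
    for chain in ("PREROUTING", "POSTROUTING"):
        for r in TABLE:
            if (r["A"] == chain and r["p"] == proto and r["dst"] == pkt["dst"]
                    and int(r["dport"]) == pkt["dport"]):
                if r["j"] == "DNAT":
                    ip, port = r["to-destination"].split(":")
                    pkt["dst"], pkt["dport"] = ip, int(port)
                else:  # SNAT: only the address is tracked in this model
                    pkt["src"] = r["to-source"].split(":")[0]
                hits.append(f'{chain}/{r["j"]}')
                break
    return pkt, hits

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed outside client (documentation range)
    for port in (80, 21):    # 80 is an assumed HTTP port, not stated in the post
        print(port, trace(client, ADDR["$PROXY_EXTERNAL"], port))
```

In this model a connection to port 80 matches no rule and stays addressed to the proxy, while a connection to port 21 is redirected to the web server but never hits the SNAT rules, because those match on a destination address that DNAT has already rewritten.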