All of lore.kernel.org
 help / color / mirror / Atom feed
From: Thomas Wallrafen <mails@ranulf.de>
To: netfilter@lists.netfilter.org
Subject: [DNAT] Disappearing Packets
Date: Fri, 10 Oct 2003 10:52:14 +0200	[thread overview]
Message-ID: <20031010085214.GA8722@jesus.fsmpi.rwth-aachen.de> (raw)

Hi all!

Sorry for asking this stupid question again, but searching the archives
couldn't help me solve my problem :(

I'm currently setting up an IPtables firewall using DNAT to access our
Webserver (192.168.0.42) and Masquerading to allow Internet access to
the clients.

Packets to the firewall (137.226.171.XXX) on port 80 can pass the FORWARD-chain:
(already DNATed...)
Oct 10 11:47:24 wormhole kernel: IN=eth0 OUT=eth1 SRC=170.252.80.XXX
DST=192.168.0.42 LEN=64 TOS=0x00 PREC=0x00 TTL=47 ID=39702 DF PROTO=TCP
SPT=48785 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0

The packets then get lost somehow. I can't trace back to where it is,
but the packets never reach the webserver on 192.168.0.42:80
With the webserver-logs I can confirm this.

My IPtables setup currently is very minimal due to the current
testing-status (only one Masquerading and one DNAT rule).

All chains are set up to ACCEPT all packets, as long as I haven't found
a solution to this problem.

We're using IPtables 1.2.6a with an unpatched Kernel 2.4.22.

Has anyone a suggestion how to solve this?

Kind regards,

    Thomas Wallrafen


-- 
    __  _     Debian GNU/      _
   / / (_)_ __  _  ____  ___  | |
  / /  | | '_ \| | | \ \ / /  | |
 / /___| | | | | |_| |>   <   |_|
 \_______|_| |_|\__,_/_/\__\  (_)



             reply	other threads:[~2003-10-10  8:52 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-10-10  8:52 Thomas Wallrafen [this message]
2003-10-10  9:17 ` Amendment: [DNAT] Disappearing Packets Thomas Wallrafen
2003-10-10 10:20 ` Ralf Spenneberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20031010085214.GA8722@jesus.fsmpi.rwth-aachen.de \
    --to=mails@ranulf.de \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.