On Tuesday 25 January 2011 08:13 PM, Tim wrote:
> On Tue, 2011-01-25 at 19:33 +0530, Jatin K wrote:
> > I've tested this function through other ISP ( from my other branch )
> > .... and also checked it from my phone on 3G network
>
> Then, you've got several things to think about:
>
> Firewall. Is it getting in the way, before or after the NAT rule?
>
> Is there something before your computer (e.g. a modem/router)? Does it
> need configuring to let it through?

yes there is ADSL router ..... which forwards port 80 from wan to lan 80
( means to port 80 on firewall )

setup is like ADSL----> NIC 1 of firewall NIC 2 connects to the webserver

if any request arrives to live IP on ADSL Router it sends it to the
firewall ( I've tested it by running httpd on firewall and it works fine )

> Is your webserver listening for connections on all interfaces?

yes

> Once you get it going, I'd go back and refine your NAT rule. Do you
> want all ports to be NATed through, or just port 80?

I just want only port 80 to be NATed ( if request arrives on port 80
on my live IP it should be NATed to the entire webserver through firewall )

> By way of example, I've just copied (below) a few rules that I have on
> an old Fedora box, back from when I was using dial-up. Those narrowed
> down connections to only TCP, particular TCP port numbers, particular
> interfaces, and/or particular source addresses.
>
> iptables --table nat --append PREROUTING --protocol tcp --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80

I've done the same thing like you said

iptables -t nat -A PREROUTING -d xx.xx.xx.xx -p tcp --dport 80 -j DNAT --to-destination 192.168.131.131

> iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 2.3.4.5 --destination-port 80 --jump DNAT --to-destination 192.168.1.1:80
>
> iptables --table nat --append PREROUTING --protocol tcp --in-interface ppp+ --source 0.0.0.0/0 --destination-port 443 --jump DNAT --to-destination 192.168.1.6:443
--
°v°
/(_)\
^ ^ Jatin Khatri
Registered Linux user No #501175
www.counter.li.org
No M$
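
The two checks raised in the thread (is the filter table in the way of the NAT rule, and is the DNAT rule narrowed to one protocol and port) can be run against a saved ruleset. The following is an added example, not part of the original messages; the function names, the public address 203.0.113.10 and the sample `iptables-save` text are constructed for illustration.

```python
import shlex

# Constructed iptables-save output: one narrowed DNAT rule, one all-ports DNAT rule.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.131.131:80
-A PREROUTING -i ppp+ -j DNAT --to-destination 192.168.1.6
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.131.131/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return (rules, policies); each rule is (table, chain, {flag: value})."""
    rules, policies, table = [], {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            policies[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            # Pair each flag with the value after it; "!" negation is ignored here.
            opts = {k: v for k, v in zip(tok[2:], tok[3:])
                    if k.startswith("-") and not v.startswith("-")}
            rules.append((table, tok[1], opts))
    return rules, policies

def audit(text):
    """List (translated host, problem) for every PREROUTING DNAT rule."""
    rules, policies = parse(text)
    accepts = [o for t, c, o in rules
               if (t, c, o.get("-j")) == ("filter", "FORWARD", "ACCEPT")]
    findings = []
    for t, c, o in rules:
        if (t, c, o.get("-j")) != ("nat", "PREROUTING", "DNAT"):
            continue
        host, _, port = o["--to-destination"].partition(":")
        port = port or o.get("--dport")  # FORWARD sees the translated port
        if "-p" not in o or "--dport" not in o:
            findings.append((host, "DNAT not limited to one protocol and port"))
        allowed = any(a.get("-d", "").split("/")[0] == host
                      and a.get("--dport") in (None, port)
                      and a.get("-p") in (None, o.get("-p")) for a in accepts)
        if policies.get(("filter", "FORWARD"), "ACCEPT") != "ACCEPT" and not allowed:
            findings.append((host, "no FORWARD ACCEPT rule for the translated destination"))
    return findings
```

Feed it the output of `iptables-save` from the firewall; only FORWARD rules that name the translated host with `-d` are counted, so a broader accept rule will still be reported and needs checking by eye.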