Hi all,
I'm using iptables 1.2.2 on a RH box running kernel 2.4.4. I'm trying to
set up something that I did once a long time ago, but alas I seem to have
forgotten how to do it.
The firewall has two NICs. I want all WWW requests coming through eth0 to
get sent to a specific web server. As in, no matter what URL the user
tries to access, they always go to a specific web server. Here's the
command I remember working but doesn't seem to:
iptables -t nat -A PREROUTING -i eth0 -p tcp \
--dport http -j DNAT --to 141.140.1.18
Then I check what my ruleset is by using iptables -L -t nat:
[root@ns /root]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT       tcp  --  anywhere             anywhere            tcp dpt:http to:141.140.1.18
I also double-check my mangle and filter tables to make sure I don't have
some leftover rule there that is messing this up. Both those tables are
empty.
This looks right to me, but here is what happens to a client. If the
client tries to access the web server on 141.140.1.18, it works. If the
client tries to access any other web server, the client's web browser just
hangs. And I have tested the client's behavior without any rules, and
accessing anything works fine, so I don't think there's some kind of
routing problem. I've also tried adding the rule to the OUTPUT chain, but
that doesn't work either.
Like I said, I had this working at one time, so I know it can be done.
What am I missing?
Thanks in advance,
Ted Fines
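Added example, not part of the original post: a small POSIX sh script that builds the PREROUTING DNAT rule from the message (port 80 spelled out instead of the service name "http") together with the POSTROUTING rule that is commonly needed when the redirected web server's replies would not otherwise travel back through the firewall. When the server answers the client directly (same LAN segment, or a default route that bypasses the firewall), the client sees packets from 141.140.1.18 for a connection it opened to some other address, drops them, and the browser appears to hang; masquerading the redirected connections behind the firewall forces the reply path back through conntrack so the DNAT can be reversed. Interface name, web server address and the IPT variable are taken from the post or are assumptions; the script prints the commands by default and only executes them when IPT is set to the real binary.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the post's eth0 and 141.140.1.18.
WAN_IF="${WAN_IF:-eth0}"
WEB_SERVER="${WEB_SERVER:-141.140.1.18}"
# Dry run by default: IPT="echo iptables" prints the rules; IPT=iptables applies them (as root).
IPT="${IPT:-echo iptables}"

# Rule from the post: rewrite the destination of every inbound HTTP connection
# arriving on the outside interface to the chosen web server.
dnat_rule() {
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_SERVER"
}

# Companion rule: source-NAT the redirected connections to the firewall's own
# address so the web server's replies come back through this box, where
# conntrack maps the source 141.140.1.18 back to the address the client asked for.
# Without it, a server that can reach the client directly answers from an address
# the client never connected to, the packets are discarded, and the browser hangs.
snat_rule() {
    $IPT -t nat -A POSTROUTING -p tcp -d "$WEB_SERVER" --dport 80 -j MASQUERADE
}

# Sanity check that must hold for any DNAT between two NICs: IP forwarding enabled.
# Reads /proc directly so it works without sysctl; reports "unknown" when not on Linux.
forwarding_state() {
    if [ -r /proc/sys/net/ipv4/ip_forward ]; then
        if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "1" ]; then
            echo enabled
        else
            echo disabled
        fi
    else
        echo unknown
    fi
}

apply_redirect() {
    dnat_rule
    snat_rule
}

# Usage: sh redirect.sh            -> prints the two iptables commands (dry run)
#        IPT=iptables sh redirect.sh -> installs them
apply_redirect
echo "ip_forward: $(forwarding_state)"
```

After installing the rules, `iptables -t nat -L -n -v` should list the DNAT entry in PREROUTING and the MASQUERADE entry in POSTROUTING, and the packet counters on both should increase when a client opens an HTTP connection to an arbitrary address.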