[Gllug] Routing strangeness
Adrian McMenamin
adrian at mcmen.demon.co.uk
Sat Oct 23 12:42:05 UTC 2004
I am not sure if anybody can help me with this, but here goes anyway....
I have set up port forwarding on my firewall/router like this...
(from /etc/sysconfig/iptables - eth1 is the external interface)
-A PREROUTING -p tcp -i eth1 --dport 80 -j DNAT --to IP_APACHE_BOX
-A FORWARD -p tcp -m tcp -i eth1 -s IP_ACCESS -d IP_APACHE_BOX --dport 80 -j ACCEPT
-A FORWARD -p tcp -m tcp -i eth1 --dport 80 -j LOG
-A FORWARD -p tcp -m tcp -i eth1 -d IP_APACHE_BOX --dport 80 -j DROP
I only want browsers from IP_ACCESS to be able to see the site.
The external IP address of my firewall/router is newgolddream.dyndns.info.
Now, the problem I have is that during the working day it seems connectivity
is extremely patchy - public traceroutes (via traceroute.org) from all over
the world seem to stall inside Homechoice's (my ISP) network.
Yet whenever I test it all in the evening all seems fine. But... the external
IP address is dynamic and I have had to reset the interface a couple of times
(though Homechoice do not report *any* problems).
Rather than leave the apache box on overnight, I then usually power it down
and restart it in the morning, whereupon it appears that connectivity is
patchy.
Could this be anything at all to do with my firewall, or is it just dodgy
routing from Homechoice?
In the past I have been able to rely on HC connections staying good for up to
20 days - but that was an old style ppp connection and I wasn't relying on
port forwarding then.
Adrian
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
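
Added example, not part of the original post: a small Python model of how the four quoted rules are evaluated (DNAT in PREROUTING first, then first-match in FORWARD, with LOG as a non-terminating target). The addresses are constructed placeholders from the documentation ranges, eth0 as the internal interface name is an assumption, and "POLICY" stands for whatever the rest of the ruleset does, which the post does not show.

```python
# Added illustration: first-match evaluation of the rules quoted in the post.
# Addresses are constructed placeholders, not the poster's real ones.
from dataclasses import dataclass
from typing import Optional

IP_ACCESS = "198.51.100.7"     # placeholder for the one permitted client
IP_APACHE_BOX = "192.0.2.10"   # placeholder for the internal web server

@dataclass(frozen=True)
class Packet:
    in_if: str
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    target: str
    in_if: Optional[str] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p):
        # A field left as None is a wildcard, as with an omitted iptables option.
        return all(want is None or want == got for want, got in (
            (self.in_if, p.in_if), (self.src, p.src),
            (self.dst, p.dst), (self.dport, p.dport)))

FORWARD = [  # same order as in the post; every rule is "-p tcp"
    Rule("ACCEPT", in_if="eth1", src=IP_ACCESS, dst=IP_APACHE_BOX, dport=80),
    Rule("LOG", in_if="eth1", dport=80),
    Rule("DROP", in_if="eth1", dst=IP_APACHE_BOX, dport=80),
]

def dnat(p):
    """PREROUTING rule: TCP port 80 arriving on eth1 is sent to the web server."""
    if p.proto == "tcp" and p.in_if == "eth1" and p.dport == 80:
        return Packet(p.in_if, p.src, IP_APACHE_BOX, p.dport, p.proto)
    return p

def verdict(p):
    """Return (final target, was_logged) for a packet arriving at the router."""
    p, logged = dnat(p), False
    for r in FORWARD:
        if p.proto == "tcp" and r.matches(p):
            if r.target == "LOG":   # LOG records the packet and carries on
                logged = True
                continue
            return r.target, logged
    return "POLICY", logged         # no quoted rule matched
```

In this model, replies from the web server enter on the internal interface and match none of the three FORWARD rules, so what happens to them is decided by parts of the ruleset the post does not quote.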