[Nottingham] Port forwarding with iptables

Steve Goodliff nottingham at mailman.lug.org.uk
Tue Apr 29 16:37:01 2003


> -----Original Message-----
> From: nottingham-admin@mailman.lug.org.uk
> [mailto:nottingham-admin@mailman.lug.org.uk]On Behalf Of Robert Davies
> Sent: 29 April 2003 16:11
> To: nottingham@mailman.lug.org.uk
> Subject: Re: [Nottingham] Port forwarding with iptables
>
>
> On Tuesday 29 Apr 2003 15:42, Steve Goodliff wrote:
>
> > Please can anyone help me out with my latest linux networking conundrum
>
> Hi Stevie!!
>
> > I have a Red Hat 8.0 machine with 3 NICs. 2 of them are connected to ADSL
> > routers and the 3rd to our internal network.
> >
> > Both routers have web front ends which I would like to access by connecting
> > to the Red Hat box and then move onto some sort of balancing traffic across
> > the 2.
>
> Have you enabled IP forwarding, and are clients on your internal network set up
> with a default route to the Red Hat box?  I assume you try to access the web
> admin pages on the routers first.  For the 2nd part of your question, you'll
> likely need to use the Advanced Routing HOWTO; the ip command in the iproute2 package
> allows various balancing strategies.  You may find simply defining 2 default
> routes on the Red Hat box suffices; IIRC it's a configurable kernel option to
> treat them with equal weighting, which RH may set or not.
>
> Rob

Hello,

All the workstations have the Red Hat box set as their gateway, that bit
works a treat. Just want to get the access to the web front ends from the
LAN. I've put the firewall rules in that Phil suggested, cheers.

I can see this output from tcpdump on the NIC that is connected to the ADSL
router, but no data comes back from the router (I know the router's web front
end is working as I can connect to it via lynx from the Red Hat box).

16:30:07.006388 10.1.1.194.44992 > 192.168.1.1.http: S 3580018260:3580018260(0) win 5840 <mss 1460,sackOK,timestamp 1415235782 0,nop,wscale 0> (DF) [tos 0x10]

Maybe the router isn't sending its responses back to the Red Hat box, but is
trying to send directly to the workstation on the 10.x network, which it can't
reach?
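
An added example, not part of the original post: a small parser for old-style tcpdump TCP lines that lists SYNs with no reply in the capture and marks those whose source address lies outside the router's subnet, which is the situation the capture above shows. The /24 mask, the 192.168.1.2 address and the function name are assumptions; only the first sample line comes from the post.

```python
import ipaddress
import re

# Old-style tcpdump TCP line: "time src.port > dst.port: FLAGS rest"
LINE = re.compile(
    r"^\S+ (?P<src>(?:\d+\.){3}\d+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>(?:\d+\.){3}\d+)\.(?P<dport>[\w-]+): (?P<flags>[SFPRW.]+) (?P<rest>.*)$"
)

# First line is the capture from the post; the other two are constructed
# (the Red Hat box's own lynx session, assumed to come from 192.168.1.2).
SAMPLE = [
    "16:30:07.006388 10.1.1.194.44992 > 192.168.1.1.http: S 3580018260:3580018260(0) "
    "win 5840 <mss 1460,sackOK,timestamp 1415235782 0,nop,wscale 0> (DF) [tos 0x10]",
    "16:31:12.100000 192.168.1.2.44993 > 192.168.1.1.http: S 100:100(0) win 5840 (DF)",
    "16:31:12.101000 192.168.1.1.http > 192.168.1.2.44993: S 200:200(0) ack 101 win 5840 (DF)",
]

def unanswered_syns(lines, router_net):
    """Return [(src, dst, dport, off_subnet)] for SYNs with no reply in the capture.

    off_subnet=True means the SYN left the router-facing NIC with a source
    outside router_net, i.e. without source NAT, so the router can only
    answer if it has its own route back to that address.
    """
    net = ipaddress.ip_network(router_net)
    packets = [m.groupdict() for m in map(LINE.match, lines) if m]
    seen = {(p["src"], p["sport"], p["dst"], p["dport"]) for p in packets}
    findings = []
    for p in packets:
        # tcpdump prints SYN and SYN-ACK both as "S"; only the reply has "ack".
        is_syn = p["flags"] == "S" and " ack " not in " " + p["rest"]
        replied = (p["dst"], p["dport"], p["src"], p["sport"]) in seen
        if is_syn and not replied:
            hit = (p["src"], p["dst"], p["dport"],
                   ipaddress.ip_address(p["src"]) not in net)
            if hit not in findings:  # collapse SYN retransmissions
                findings.append(hit)
    return findings

if __name__ == "__main__":
    for src, dst, dport, off in unanswered_syns(SAMPLE, "192.168.1.0/24"):
        why = "source not NATed to the router's subnet" if off else "on-subnet, look elsewhere"
        print(f"no reply: {src} -> {dst}:{dport} ({why})")
```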