Gentoo Forums
iptables not redirecting correctly
fido
Tux's lil' helper


Joined: 16 Jul 2003
Posts: 148
Location: WSU, Pullman, WA

Posted: Fri Jun 17, 2005 4:23 pm    Post subject: iptables not redirecting correctly

I seem to have run into an interesting problem using iptables to do NAT for my home network:

I have an internal server running apache, which I want to connect to from the outside world, running on IP 192.168.0.3. Since my ISP (in their infinite wisdom) blocks port 80, I use 8080 instead. Aside from the typical NAT rules, my redirect rule is:
Code:

Chain PREROUTING (policy ACCEPT 2823 packets, 435K bytes)
 pkts bytes target     prot opt in     out     source               destination
    2    96 DNAT       tcp  --  eth1   any     anywhere             anywhere            tcp dpt:http-alt to:192.168.0.3

The router box has 2 NICs: 1 external (eth1) and 1 internal (eth0). Now, when I try and browse the pages from the outside, I can see the apache test page just fine. However, when I try and browse a page underneath the root (specifically, I have mediawiki installed and am trying to browse that), I get a "page cannot be displayed" message. However, my apache logs show it correctly finding and sending the pages to me (or so the logs say).
Code:

<my broswer's (world) ip> - - [17/Jun/2005:09:13:32 -0700] "GET /mediawiki/ HTTP/1.1" 301 26 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"

This leads me to think that there is a problem with my iptables config. I would be happy to post any further info needed.

Thanks in advance.
_________________
Amateurs built the Ark, professionals built the Titanic
Popacsek
n00b


Joined: 06 Jan 2003
Posts: 36

Posted: Sat Jun 18, 2005 10:24 pm

http://www.siliconvalleyccie.com/linux-hn/iptables-intro.htm

Search for "Port Forwarding Type NAT (DHCP DSL)"
adaptr
Watchman


Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands

Posted: Sat Jun 18, 2005 10:41 pm

Quote:
However, my apache logs show it correctly finding and sending the pages to me (or so the logs say).

No they don't - where do you get that?

Code:
<my broswer's (world) ip> - - [17/Jun/2005:09:13:32 -0700] "GET /mediawiki/ HTTP/1.1" 301

301 is not OK - 200 is.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

A 301 is a "page moved permanently", which apache returns in either of two situations: one, if you have actually flagged the location in your apache config to have been moved to another URL (you didn't) or two, if apache itself cannot find the page - which indicates a weird access/permission problem.
(If apache can't find or access the page in normal situations you know what you get - either a 404 or a 401.)

Apache config problem, in other words.

Also, to redirect from 8080 to apache's normal port 80, use the REDIRECT target - it was made for this.

You don't need to, of course - you could simply let apache listen on 8080 instead.

But you did not indicate which of the above two methods you used, so I assume that part works okay.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
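
An added example, not part of the original thread: a small Python check that parses Apache access-log lines and lists requests that never received a success response, so a 301 like the one quoted above stands out instead of being read as "page sent". The sample lines, the client address 203.0.113.7 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache common/combined log format:
#   host ident user [time] "METHOD path PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Status-code classes as defined in RFC 2616 section 10
CLASSES = {"1": "informational", "2": "success", "3": "redirection",
           "4": "client error", "5": "server error"}

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["class"] = CLASSES.get(rec["status"][0], "unknown")
    rec["status"] = int(rec["status"])
    return rec

def delivered(status):
    """2xx means content was sent; 304 means the client's cached copy is valid."""
    return 200 <= status < 300 or status == 304

def paths_never_served(lines):
    """Map (host, path) -> status codes for requests that never got content."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:  # unparseable lines are skipped, not counted as failures
            seen[(rec["host"], rec["path"])].append(rec["status"])
    return {k: v for k, v in seen.items() if not any(delivered(s) for s in v)}

# Constructed sample input (203.0.113.7 is a documentation address)
SAMPLE = [
    '203.0.113.7 - - [17/Jun/2005:09:13:30 -0700] "GET / HTTP/1.1" 200 1456 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [17/Jun/2005:09:13:32 -0700] "GET /mediawiki/ HTTP/1.1" 301 26 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [17/Jun/2005:09:13:33 -0700] "GET /apache_pb.gif HTTP/1.1" 304 - "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for (host, path), codes in paths_never_served(SAMPLE).items():
        print(f"{host} {path}: only got {codes}")
```
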
fido
Tux's lil' helper


Joined: 16 Jul 2003
Posts: 148
Location: WSU, Pullman, WA

Posted: Sat Jun 18, 2005 10:46 pm

AAAhhhh.. *smacks forehead* Adaptr is all over it. Yes, I didn't notice the 301 code. I will look into the permissions and such for the directory.

As far as the apache config is concerned, apache is listening on both 80 and 8080.

Thanks for the help all. Sometimes you've been looking at logs for too long and another set of eyes finds all kinds of errors.
_________________
Amateurs built the Ark, professionals built the Titanic