Re: iptables and NAT

On Tue, 2011-01-25 at 22:43 +0530, Jatin K wrote:
> The setup is like:    ADSL ----> NIC 1 of firewall;  NIC 2 connects to the 
> webserver.
>  
> If any request arrives at the live IP on the ADSL router, it sends it to the 
> firewall (I've tested it by running httpd on the firewall and it works
> fine).

Okay, I've done something similar in the past:

dial-up modem to gateway box (firewall and NAT), with a webserver on
another box further inside the LAN.

Looking through my old firewall configuration file, I had, on the
firewall:

default input rules set to drop
default output rules set to allow
input accept rule for this traffic
temporary input log rule for this traffic (for debugging)
input nat table prerouting rule for this traffic
input accept state rule for established & related
temporary input log state rule for established & related

And, on the internal webserver:

default input rules set to drop
default output rules set to allow
input accept rule for this traffic
input accept state rule for established & related

You can play around with putting log rules ahead of your accept and
redirect rules, to see attempts that may or may not get through, and
log rules after them, to show what did get through.

And, since you're playing with NAT, the end of the firewall rule script
would have something like:

iptables --table nat --append POSTROUTING --out-interface ppp+ --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

It's been a hell of a long time since I've had to do this, but I suspect
your problem may be to do with firewall rules on the web server box,
inside your LAN.  External IP addresses disallowed through the LAN
interface, perhaps?

These days I do it all on the modem/router.  Its firewall is up.  It
only allows through a webserver on occasions I'm temporarily running one
(with a forwarding rule on the modem/router).  All the client computers
run their own firewalls.

My public website is hosted externally.  Where *they* have to deal with
spam, security, uptime.  And I don't have to keep a permanent IP, nor
permanently running computer.

-- 
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
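The firewall-box rule list from the reply above, written out as an added example (not Tim's own script, nor anything posted in this thread). It assumes ppp0 as the ADSL interface, eth1 as the LAN interface and 192.168.1.10:80 as the internal web server, all constructed values you can override in the environment; since packets DNATed to the LAN server traverse the firewall's FORWARD chain rather than INPUT, the accept and log rules for that traffic sit there.

```shell
#!/bin/sh
# Added example (not from the original post): firewall-box rules that forward
# inbound HTTP from the ADSL link to a LAN web server. Interface names,
# addresses and port are constructed assumptions; override them via environment.
IPT="${IPT:-iptables}"                         # IPT=echo prints the rules instead
WAN_IF="${WAN_IF:-ppp0}"                       # ADSL side (NIC 1 / ppp link)
LAN_IF="${LAN_IF:-eth1}"                       # LAN side (NIC 2)
WEB_IP="${WEB_IP:-192.168.1.10}"               # constructed LAN address of the web server
WEB_PORT="${WEB_PORT:-80}"
IP_FORWARD="${IP_FORWARD:-/proc/sys/net/ipv4/ip_forward}"

firewall_rules() {
    # Default policies: drop inbound and forwarded traffic, allow outbound.
    $IPT --flush
    $IPT --table nat --flush
    $IPT --policy INPUT DROP
    $IPT --policy FORWARD DROP
    $IPT --policy OUTPUT ACCEPT
    $IPT --append INPUT --in-interface lo --jump ACCEPT   # local services keep working

    # Rewrite the destination of web requests arriving on the ADSL link
    # to the internal server (the nat/PREROUTING rule from the post).
    $IPT --table nat --append PREROUTING --in-interface "$WAN_IF" \
        --protocol tcp --dport "$WEB_PORT" \
        --jump DNAT --to-destination "$WEB_IP:$WEB_PORT"

    # DNATed packets traverse FORWARD, not INPUT, on the firewall box.
    # Temporary log rule first (rate limited so it cannot flood syslog),
    # then the accept for this traffic.
    $IPT --append FORWARD --in-interface "$WAN_IF" --out-interface "$LAN_IF" \
        --destination "$WEB_IP" --protocol tcp --dport "$WEB_PORT" \
        --match limit --limit 5/min --jump LOG --log-prefix "fw-web-new: "
    $IPT --append FORWARD --in-interface "$WAN_IF" --out-interface "$LAN_IF" \
        --destination "$WEB_IP" --protocol tcp --dport "$WEB_PORT" --jump ACCEPT

    # Replies and related traffic, on both the local and the forwarded path.
    $IPT --append INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
    $IPT --append FORWARD --match state --state ESTABLISHED,RELATED --jump ACCEPT

    # Masquerade LAN traffic leaving the ppp link and turn on forwarding.
    $IPT --table nat --append POSTROUTING --out-interface ppp+ --jump MASQUERADE
    echo 1 > "$IP_FORWARD"
}

case "${1:-}" in
    apply) firewall_rules ;;   # sh fw.sh apply (as root); IPT=echo sh fw.sh apply to preview
esac
```

The web server box still needs its own INPUT accept for port 80 plus the ESTABLISHED,RELATED rule, as the reply notes; a rule there that rejects non-LAN source addresses would silently drop the forwarded requests.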
