iptables 1.2.7+ is screwed up
For some reason scripts aren't working on 1.2.7+ of iptables. Here is a basic script that doesn't work. I've confirmed this with Gentoo and other Linux distros with the 1.2.7+ version of iptables.
Script only works with 1.2.6a
Hello and good morning!
I am having a heck of a time. I spent all day trying to figure out why
my iptables script isn't working on my new firewall machine.
Old box ( WORKING ) Slackware 8.1 - iptables 1.2.6a
New box ( NOT WORKING ) Gentoo - iptables 1.2.8
I did check the gentoo kernel and it has everything the Slackware box
has. Plus I've read the documentation and I've done this for a while. I
did re-compile iptables to conform with the new kernel on gentoo.
For some reason httpd is filtered on the gentoo box and open on the
Slackware box. I even tried using webmin to set up everything
identical, but no go.
Yes apache is bound to the internal IP. I can reach apache from any
All I want to do is keep my apache box on the local network and forward
the requests from the firewall to my internal apache server.
The firewall is also the gateway for internet access for the local
Apache = 192.168.1.1
Firewall - external IP = 188.8.131.52
My current rc.firewall script works on slack but not gentoo ( 1.2.6a not
1.2.8 of iptables):
# now to flush/clear out the iptables first
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter
echo "1" > /proc/sys/net/ipv4/conf/all/forwarding
# EXTIF was never set in the posted script; eth0 is what every other rule
# here treats as the external interface, so that is assumed
EXTIF=eth0
# both POSTROUTING rules match the same traffic; the MASQUERADE rule comes
# first, so the SNAT rule below it is never reached
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $EXTIF -j SNAT --to 184.108.40.206
echo " Forwarding http traffic to Gadaffi.solarplex.org "
# rewrite inbound port 80 on the external address to the internal Apache box
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 220.127.116.11 --dport 80 \
    -j DNAT --to-destination 192.168.1.1:80
# a packet DNATed above still enters FORWARD with -i eth0 (the interface it
# arrived on), so this rule only matches connections coming from eth1
iptables -A FORWARD -p tcp -i eth1 -d 192.168.1.1 --dport 80 -j ACCEPT
# now to list the iptables
iptables -L -t nat
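For comparison, here is the rule set I would use for the same job (DNAT inbound port 80 to an internal Apache host, SNAT the LAN out through the firewall). This is an added example, not the poster's script and not an explanation of why theirs fails on 1.2.8. It uses the long-form `--to-destination` / `--to-source` options, matches the DNATed packet in FORWARD on the interface it actually enters on (the external one), and lets connection tracking pass the replies. The interface names eth0/eth1, the public address 203.0.113.10 and the `build_rules`/`apply_rules` helpers are assumptions for the example; the rules are emitted as text first so they can be inspected before being run as root.

```shell
#!/bin/sh
# Added example: inbound HTTP port forward plus outbound SNAT with iptables.
# Assumed layout: EXTIF is the Internet-facing interface, INTIF the LAN side,
# EXTIP the firewall's public address (placeholder from TEST-NET-3), APACHE the
# internal web server. Override any of them in the environment.
EXTIF=${EXTIF:-eth0}
INTIF=${INTIF:-eth1}
EXTIP=${EXTIP:-203.0.113.10}
APACHE=${APACHE:-192.168.1.1}
IPT=${IPT:-iptables}

# Emit the complete rule set as text (one command per line) so it can be
# reviewed or diffed before anything touches the kernel.
build_rules() {
    cat <<EOF
$IPT -t filter -F
$IPT -t nat -F
$IPT -t mangle -F
$IPT -P FORWARD DROP
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPT -A FORWARD -i $EXTIF -o $INTIF -p tcp -d $APACHE --dport 80 -m state --state NEW -j ACCEPT
$IPT -t nat -A PREROUTING -i $EXTIF -p tcp -d $EXTIP --dport 80 -j DNAT --to-destination $APACHE:80
$IPT -t nat -A POSTROUTING -o $EXTIF -j SNAT --to-source $EXTIP
EOF
}

# Number of emitted rules containing a given fragment (used for sanity checks).
count_rules_for() {
    build_rules | grep -c -- "$1"
}

# Enable forwarding and execute the rules; stops on the first failing command.
apply_rules() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    build_rules | sh -e
}

# "sh fw.sh" prints the rules; "sh fw.sh apply" installs them (needs root).
if [ "$1" = apply ]; then
    apply_rules
else
    build_rules
fi
```

The FORWARD rule for the web server is written after the DNAT takes effect: by the time the packet reaches FORWARD its destination is already `192.168.1.1`, but its input interface is still the external one, which is why the rule says `-i eth0`, not `-i eth1`. With the FORWARD policy set to DROP, the ESTABLISHED,RELATED rule is what lets the server's replies back out.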