It's 4am (PST)... do you know what your firewall is doing?
Well, I was wondering why my internal net boxes (such as my whinedoze box) couldn't get to the net, but all outside requests could get in with no problem (i.e. my website).
<yawn> answer... I forgot to bind the iptables PREROUTING chain to my external interface only. So this:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
was changed to this:
iptables -t nat -A PREROUTING -i $EXTERNAL -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
Before the change, the PREROUTING chain was, by default, applied to both interfaces. Thus, all incoming port 80 requests on my internal interface were connecting to itself. I didn't see this until I ran 'tcpdump -i eth1'. Since my workstation is my gateway (for now...), I didn't notice this problem until I tried accessing the web on my internal LAN.
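The mistake above is easy to repeat and easy to catch: any nat PREROUTING DNAT rule with no -i match applies to packets arriving on every interface, including the LAN side. The script below is an added example, not part of the original post, that audits an iptables-save dump for exactly that and builds the corrected, interface-bound rule. The dump it reads is constructed to mirror the before/after rules from the post; the external interface name eth0 (standing in for $EXTERNAL) is an assumption, and nothing here touches the kernel.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump for
# nat PREROUTING DNAT rules that are not bound to an input interface (-i).
# 10.0.0.3 and the --dport 80 forward follow the post; eth0 as the external
# interface is an assumption for illustration.

EXTERNAL=eth0

# Constructed sample of `iptables-save -t nat` output: the first PREROUTING
# rule is the unbound one from the post, the second is the corrected one.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Print every nat PREROUTING DNAT rule that lacks an input-interface match.
# Reads stdin, so on a live box: iptables-save -t nat | unbound_dnat_rules
unbound_dnat_rules() {
    grep -- '^-A PREROUTING ' | grep -- '-j DNAT' | grep -v -- ' -i '
}

# Count the unbound rules in a dump passed as $1; 0 means every DNAT rule
# is tied to a specific interface.
count_unbound_dnat() {
    printf '%s\n' "$1" | unbound_dnat_rules | wc -l | tr -d ' '
}

# Build a port-forward rule that always carries -i, so it can only match
# traffic arriving on the named (external) interface.
# $1 = external interface, $2 = TCP port, $3 = destination host:port
dnat_rule() {
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s\n' "$1" "$2" "$3"
}

# Stand-alone usage: report the unbound rule in the sample, then show the
# corrected command (printed, not executed).
count_unbound_dnat "$SAMPLE_DUMP"
printf '%s\n' "$SAMPLE_DUMP" | unbound_dnat_rules
dnat_rule "$EXTERNAL" 80 10.0.0.3:80
```

Running `iptables-save -t nat | unbound_dnat_rules` on the gateway after every rule change is a cheap regression check; a non-empty result means LAN-originated web traffic is still being hijacked by the forward.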
Ah well, case solved.
Good night.