It's 4am (PST)... do you know what your firewall is doing?
Well, I was wondering why my internal net boxes (such as my whinedoze box) couldn't get to the net, but all outside requests could get in with no problem (i.e. my website).
<yawn> answer... I forgot to bind the iptables PREROUTING chain to my external interface only. So this:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
was changed to this:
    iptables -t nat -A PREROUTING -i $EXTERNAL -p tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
Before the change, the PREROUTING chain, by default, was applied to both interfaces. Thus, all incoming port 80 requests on my internal interface were connecting to itself. I didn't see this until I ran 'tcpdump -i eth1'. Since my workstation is my gateway (for now...), I didn't notice this problem until I tried accessing the web on my internal LAN.
Ah well, case solved.
Good night.
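A check for the mistake described in this post, added here as an example and not part of the original entry: it reads a ruleset in iptables-save format and lists nat PREROUTING DNAT rules that carry no -i match. The function names, the sample ruleset, the eth0 external interface and the port 443 rule are constructed assumptions.

```shell
#!/bin/sh
# Added example, not the post author's code.
# Reads iptables-save format on stdin and prints every DNAT rule in the
# nat table's PREROUTING chain that has no in-interface (-i) match, i.e.
# a rule that also rewrites traffic arriving from the internal LAN.
find_unscoped_dnat() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter
        table != "nat" { next }                  # only the nat table matters
        $1 != "-A" || $2 != "PREROUTING" { next }
        {
            is_dnat = 0; has_iface = 0
            for (i = 3; i <= NF; i++) {
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "DNAT")
                    is_dnat = 1
                if ($i == "-i" || $i == "--in-interface")
                    has_iface = 1
            }
            if (is_dnat && !has_iface) print
        }
    '
}

# Constructed sample ruleset (eth0 as the external interface is assumed).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.3:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.3:443
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Prints only the port 80 rule, which is the pre-fix form from the post.
sample_rules | find_unscoped_dnat
```

On a live gateway the same function can be fed from `iptables-save` instead of the sample.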