> -----Original Message-----
> From: Hanasaki JiJi [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 5 June 2003 4:17 PM
> To: List - Debian Security
> Subject: Re: question squid + firewall + http server inside firewall
>
>
> Michael,
>
> unfortunately, that didn't work. Your logic makes sense. Below is the
> output of the relevant lines: iptables -L -t nat
>
> any other ideas would be great!
>
> SNAT tcp -- 192.168.1.0/24 [internalhost] tcp dpt:www to:65.30.34.80
>
Could there be other rules in the firewall interfering with this?

I tend to use tcpdump a lot to find out which packets the firewall machine is seeing. If what I originally described is happening then you'll see packets leave the firewall to the http server but no packets will return (they'll go directly to the internal machine). If the above rule is functioning then you'll see the responses and it's a matter of checking that they're not being blocked by some other rule.

It helps also to log what is happening as far as the http server is concerned. And similarly on the machine making the requests. This is how I diagnosed my problem.

Michael

--
Michael Sharman
Dytech Solutions
(03) 6224 4116
[EMAIL PROTECTED]
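
The check described in the reply above (do the http server's replies come back through the firewall?) can be run over saved `tcpdump -n` output from the firewall's inside interface. This is an added example, not part of the original message: the capture lines, the server address 192.168.1.10 and the client 192.168.1.50 are constructed, modern `tcpdump -n` text format is assumed, and only 65.30.34.80 comes from the quoted rule.

```python
import re

# Address part of a `tcpdump -n` text line (modern output format assumed).
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

# Constructed capture taken on the firewall's inside interface.
SAMPLE = """\
16:17:01.000100 IP 65.30.34.80.40312 > 192.168.1.10.80: Flags [S], seq 1, length 0
16:17:01.000450 IP 192.168.1.10.80 > 65.30.34.80.40312: Flags [S.], seq 9, ack 2, length 0
16:17:01.000600 IP 65.30.34.80.40312 > 192.168.1.10.80: Flags [.], ack 10, length 0
16:17:05.100000 IP 192.168.1.50.51514 > 192.168.1.10.80: Flags [S], seq 7, length 0
16:17:08.100000 IP 192.168.1.50.51514 > 192.168.1.10.80: Flags [S], seq 7, length 0
"""

def diagnose(capture, server, port=80):
    """Map each (src_ip, src_port) seen sending to server:port to
    'replies-seen' or 'no-replies', judged from the firewall's view."""
    forward, replies = set(), set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6, truncated lines, etc.
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dst == server and dport == port:
            forward.add((src, sport))      # request leaving the firewall
        elif src == server and sport == port:
            replies.add((dst, dport))      # response returning via the firewall
    return {ep: ("replies-seen" if ep in replies else "no-replies")
            for ep in sorted(forward)}

if __name__ == "__main__":
    for (ip, sport), verdict in diagnose(SAMPLE, "192.168.1.10").items():
        if verdict == "replies-seen":
            hint = "responses return via the firewall; check other rules for drops"
        else:
            hint = "responses bypass the firewall; source was not rewritten for this flow"
        print(f"{ip}:{sport} -> {verdict}: {hint}")
```
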