On Tue, 2011-01-25 at 22:43 +0530, Jatin K wrote:
> setup is like ADSL ----> NIC 1 of firewall, NIC 2 connects to the webserver
> if any request arrives at the live IP on the ADSL router it sends it to the firewall (I've tested it by running httpd on the firewall and it works fine)
Okay, I've done something similar in the past:
dial-up modem to gateway box (firewall and NAT), with a webserver on another box further inside the LAN.
Looking through my old firewall configuration file, I had, on the firewall:
- default input rules set to drop
- default output rules set to allow
- input accept rule for this traffic
- temporary input log rule for this traffic (for debugging)
- input nat table prerouting rule for this traffic
- input accept state rule for established & related
- temporary input log state rule for established & related
And, on the internal webserver:
- default input rules set to drop
- default output rules set to allow
- input accept rule for this traffic
- input accept state rule for established & related
You can play around with putting log rules ahead of your accept and redirect rules, to see attempts that may or may not get through. And log rules after them, to show what did get through.
And, since you're playing with NAT, the end of the firewall rule script would have something like:
    iptables --table nat --append POSTROUTING --out-interface ppp+ --jump MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
It's been a hell of a long time since I've had to do this, but I suspect your problem may be to do with firewall rules on the web server box, inside your LAN. External IP addresses disallowed through the LAN interface, perhaps?
These days I do it all on the modem/router. Its firewall is up. It only allows through a webserver on occasions I'm temporarily running one (with a forwarding rule on the modem/router). All the client computers run their own firewalls.
My public website is hosted externally. Where *they* have to deal with spam, security, uptime. And I don't have to keep a permanent IP, nor a permanently running computer.
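The two rule sets listed in the reply (firewall box and internal web server), written out as iptables commands. This is an added example, not code from the original mail thread: it assumes ppp+ as the link towards the ADSL router, eth1 as NIC 2 towards the LAN, and 192.168.1.10 port 80 as the internal web server, all constructed placeholders. By default it runs in dry-run mode and prints the commands so they can be reviewed without root; set DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example, not from the original mail thread: the rule sets the reply
# describes, as iptables commands. Interface names, the web server address
# and the log prefixes are constructed placeholders.

WAN_IF="${WAN_IF:-ppp+}"          # assumption: PPP link towards the ADSL router
LAN_IF="${LAN_IF:-eth1}"          # assumption: NIC 2, towards the web server
WEB_IP="${WEB_IP:-192.168.1.10}"  # constructed: internal web server address
WEB_PORT="${WEB_PORT:-80}"
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the commands, 0 = execute them (needs root)

# Print or execute one iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Rules for the firewall/NAT box (NIC 1 to the ADSL router, NIC 2 to the LAN).
firewall_rules() {
    # Default policies: drop input, allow output. FORWARD is dropped by
    # default too, so only the explicitly redirected web traffic is passed on.
    ipt -P INPUT DROP
    ipt -P OUTPUT ACCEPT
    ipt -P FORWARD DROP

    # Replies to connections the box itself made: temporary log rule, then accept.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j LOG --log-prefix "fw-in-est: "
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Web traffic arriving on the WAN side is redirected to the internal server.
    # The LOG rule ahead of the DNAT shows every attempt, whether it passes or not.
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$WEB_PORT" -j LOG --log-prefix "fw-web-try: "
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$WEB_PORT" -j DNAT --to-destination "$WEB_IP:$WEB_PORT"

    # DNAT'ed packets traverse FORWARD rather than INPUT, so the accept rule for
    # the web traffic lives here. The LOG rule in this chain records only what was
    # actually redirected and is being let through to the LAN.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_IP" --dport "$WEB_PORT" -j LOG --log-prefix "fw-web-fwd: "
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$WEB_IP" --dport "$WEB_PORT" -j ACCEPT
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Masquerade LAN traffic leaving on the ADSL/dial-up link (end of the script).
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Rules for the web server box inside the LAN. The web port is accepted from any
# source address (no -s restriction), since forwarded requests still carry the
# external client's address when they reach the LAN interface.
webserver_rules() {
    ipt -P INPUT DROP
    ipt -P OUTPUT ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -p tcp --dport "$WEB_PORT" -m state --state NEW -j ACCEPT
}

# Turn on IPv4 forwarding on the firewall box once the rules are in place.
enable_forwarding() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

firewall_rules
enable_forwarding
```

Run it once as-is to review the generated rules, then with `DRY_RUN=0` on the firewall box; `webserver_rules` is meant for the web server box, where the LAN interface name and policies may differ.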