Thank you greatly for the help! I resolved it. One of my lines was mistyped, and when I found it I promptly deleted it! Then realized I should have posted it so everyone would know what the offending line was... sorry. It was a proper line, but the system would work until I entered that rule in, then all would stop. Oh well, it works now! Thanks again!

On Thu, Apr 28, 2011 at 7:40 PM, Lisa Kachold wrote:
> Hey Nathan,
>
> Howzit goin?
>
> Here's that "love":
>
> On Thu, Apr 28, 2011 at 5:41 PM, Nathan England wrote:
>>
>> I'm running a Fedora 14 machine with eth0 being internal and eth1
>> being external. It is set up for transparent proxying with dansguardian
>> and squid. All works well. I also have apache running for web
>> development on port 80, and I can access it. However, I want to access
>> that web server from the outside world. I cannot for the life of me
>> (at least within the limits of my patience) get port 80 open on the
>> external interface so I can access the web server.
>>
>> Can anyone offer some advice to make iptables show me some love? Or
>> can I not do this all on the one machine?
>
> Dansguardian comes with basic iptables that look something like this:
>
> # Allow port 8080 (Dansguardian) to receive connections
> iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
>
> # Redirect port 80 to Dansguardian (port 8080)
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
>
> # Allow outgoing connections from the LAN side.
> iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>
> # Masquerade.
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
>
> # Don't forward from the outside to the inside.
> iptables -A FORWARD -i eth1 -o eth1 -j REJECT
>
> ==end example==
>
> So, I assume you aren't doing NAT, but you don't want to have the reject
> statement?
>
> test:
>
> # /sbin/iptables-save |grep REJECT
> # /sbin/iptables-save >file
> # cp file file-new
> # vi file-new  == change your order or read your whole tables and edit (or post to the list so we can do it for you)
> # /sbin/iptables-restore <file-new
> TEST your internal to external port 80
>
> Works? Save
> # /etc/init.d/iptables save
>
> No joy?  Rollback
> # /sbin/iptables -F (don't do this if you are doing NAT or in production)
> # /sbin/iptables-restore <file
> # /etc/init.d/iptables save
>
> And remember if you get stuck, post your whole iptables here (obfuscating
> real IP addresses, etc) and we will fix it for ya.
>
> Also check this great resource:
>
> http://www.krr.org/linux/debian/HOWTO_QUICKIE_-_install_dansguardian.php
>>
>> --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Nathan England
>> I believe in the Constitution and the 4th Amendment. I am innocent and
>> have nothing to hide, but NO agent of the state crosses my threshold
>> without a valid warrant signed by a judge and properly submitted. If
>> we fail to exercise our rights, we lose them.
>
> --
> (503) 754-4452 iPhone
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
>
> http://www.it-clowns.com
>
> "If Python is executable pseudocode, then perl is executable line noise."
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathan England
I believe in the Constitution and the 4th Amendment. I am innocent and have nothing to hide, but NO agent of the state crosses my threshold without a valid warrant signed by a judge and properly submitted. If we fail to exercise our rights, we lose them.
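
The "change your order" step in the reply matters because iptables walks a chain top to bottom and stops at the first terminating match. As an added example (not from the thread or from Dansguardian; `first_verdict` is a hypothetical helper and both rule sets are constructed), this script reads an iptables-save dump and reports which INPUT rule a new connection to eth1 port 80 hits first:

```shell
#!/bin/sh
# Added example. Simplified first-match walk of the filter INPUT chain:
# only -i, -p, --dport and --state/--ctstate are compared; addresses,
# port ranges, negation and user-defined chains are ignored.

# first_verdict IFACE PORT < dump
# Prints "<target> <rule number>" for the first terminating INPUT rule a NEW
# TCP connection to PORT arriving on IFACE would hit, else "<policy> policy".
first_verdict() {
    awk -v ifc="$1" -v port="$2" '
        /^\*/ { table = substr($1, 2) }     # table header: *filter, *nat
        table == "filter" && $1 == ":INPUT" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "INPUT" {
            n++; ok = 1; target = ""
            for (i = 3; i < NF; i++) {
                v = $(i + 1)
                if ($i == "-i" && v != ifc) ok = 0
                if ($i == "-p" && v != "tcp" && v != "all") ok = 0
                if ($i == "--dport" && v != port) ok = 0
                if (($i == "--state" || $i == "--ctstate") && v !~ /NEW/) ok = 0
                if ($i == "-j") target = v
            }
            if (ok && target ~ /^(ACCEPT|DROP|REJECT)$/) {
                print target, n; found = 1; exit
            }
        }
        END { if (!found) print policy, "policy" }
    '
}

# Constructed sample dumps (not taken from the thread).
dump_head() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
EOF
}
WEB='-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT'
REJ='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
appended() { dump_head; printf '%s\n' "$REJ" "$WEB" COMMIT; }  # ACCEPT after REJECT
inserted() { dump_head; printf '%s\n' "$WEB" "$REJ" COMMIT; }  # ACCEPT before REJECT

echo "appended: $(appended | first_verdict eth1 80)"
echo "inserted: $(inserted | first_verdict eth1 80)"
```

On a live system the input would be the `file-new` produced by `/sbin/iptables-save` in the steps above, checked before it is loaded with `iptables-restore`.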