Hey Nathan,

Howzit goin? Here's that "love":

On Thu, Apr 28, 2011 at 5:41 PM, Nathan England wrote:
> I'm running a Fedora 14 machine with eth0 being internal and eth1
> being external. It is set up for transparent proxying with dansguardian
> and squid. All works well. I also have apache running for web
> development on port 80, and I can access it. However, I want to access
> that web server from the outside world. I cannot for the life of me
> (at least within the limits of my patience) get port 80 open on the
> external interface so I can access the web server.
>
> Can anyone offer some advice to make iptables show me some love? Or
> can I not do this all on the one machine?
>

Dansguardian comes with basic iptables that look something like this:

# Allow port 8080 (Dansguardian) to receive connections
iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
# Redirect port 80 to Dansguardian (port 8080)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth1 -o eth0 -j REJECT
==end example==

So, I assume you aren't doing NAT, but you don't want to have the reject statement?

test:
# /sbin/iptables-save | grep REJECT
# /sbin/iptables-save > file
# cp file file-new
# vi file-new
== change your order or read your whole tables and edit (or post to the list so we can do it for you)
# /sbin/iptables-restore < file-new

>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Nathan England
> I believe in the Constitution and the 4th Amendment. I am innocent and
> have nothing to hide, but NO agent of the state crosses my threshold
> without a valid warrant signed by a judge and properly submitted. If
> we fail to exercise our rights, we lose them.
>

--
(503) 754-4452 iPhone
(623) 239-3392 Skype
(623) 688-3392 Google Voice
http://www.it-clowns.com
"If Python is executable pseudocode, then perl is executable line noise."
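
The "change your order" step in the reply can be checked offline before anything is fed to iptables-restore. The following is an added example, not part of the original email: it walks the filter INPUT chain of iptables-save output in order and reports the first ACCEPT/REJECT/DROP rule a new TCP connection on a given interface and port would hit. The ruleset is constructed for illustration and the function names (sample_rules, first_verdict, fixed_rules) are hypothetical; only -i, -p, --dport and --state/--ctstate are interpreted.

```shell
# Constructed iptables-save output (eth0 = LAN, eth1 = external); not the
# poster's real ruleset.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# Print "<position> <target>" of the first filter/INPUT rule that decides a NEW
# TCP connection arriving on IFACE for PORT. Simplification: other match options
# (-s, -d, negation, ...) are ignored, so treat the result as a hint only.
first_verdict() {  # usage: first_verdict IFACE PORT < iptables-save-output
  awk -v ifc="$1" -v port="$2" '
    /^\*/ { table = substr($0, 2); next }
    table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
    {
      n++; ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-i" && $(i+1) != ifc) ok = 0
        if ($i == "-p" && $(i+1) != "tcp") ok = 0
        if ($i == "--dport" && $(i+1) != port) ok = 0
        if (($i == "--state" || $i == "--ctstate") && ("," $(i+1) ",") !~ /,NEW,/) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      if (ok && (target == "ACCEPT" || target == "REJECT" || target == "DROP")) {
        print n, target; found = 1; exit
      }
    }
    END { if (!found) print 0, "POLICY" }'
}

# The reordering the reply suggests: move the catch-all REJECT below the eth1 rule.
fixed_rules() {
  sample_rules | awk '
    /^-A INPUT -j REJECT/ { held = $0; next }
    { print }
    /^-A INPUT -i eth1 .*--dport 80 / && held != "" { print held; held = "" }'
}

sample_rules | first_verdict eth1 80   # rule order as saved
fixed_rules  | first_verdict eth1 80   # rule order after the edit
```

To check a real machine, pipe the edited file in instead of the sample, for example `first_verdict eth1 80 < file-new`.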