Well, Brian solved it really; he's incredible. The rest of us have to read for context against clear documentation and compare via obnosis.

Glad you fixed it.

On Fri, Apr 29, 2011 at 9:33 AM, Nathan England wrote:
> Thank you greatly for the help! I resolved it. One of my lines was
> mistyped, and when I found it I promptly deleted it! Then realized I
> should have posted it so everyone would know what the offending line
> was... sorry.
>
> It was a proper line, but the system would work until I entered that
> rule in, then all would stop. Oh well, it works now! Thanks again!
>
> On Thu, Apr 28, 2011 at 7:40 PM, Lisa Kachold wrote:
> > Hey Nathan,
> >
> > Howzit goin?
> >
> > Here's that "love":
> >
> > On Thu, Apr 28, 2011 at 5:41 PM, Nathan England wrote:
> >>
> >> I'm running a Fedora 14 machine with eth0 being internal and eth1
> >> being external. It is set up for transparent proxying with dansguardian
> >> and squid. All works well. I also have apache running for web
> >> development on port 80, and I can access it. However, I want to access
> >> that web server from the outside world. I cannot for the life of me
> >> (at least within the limits of my patience) get port 80 open on the
> >> external interface so I can access the web server.
> >>
> >> Can anyone offer some advice to make iptables show me some love? Or
> >> can I not do this all on the one machine?
> >
> > Dansguardian comes with basic iptables that look something like this:
> >
> > # Allow port 8080 (Dansguardian) to receive connections
> > iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
> >
> > # Redirect port 80 to Dansguardian (port 8080)
> > iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
> >
> > # Allow outgoing connections from the LAN side.
> > iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
> >
> > # Masquerade.
> > iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> >
> > # Don't forward from the outside to the inside.
> > iptables -A FORWARD -i eth1 -o eth1 -j REJECT
> >
> > ==end example==
> >
> > So, I assume you aren't doing NAT, but you don't want to have the reject
> > statement?
> >
> > test:
> >
> > # /sbin/iptables-save |grep REJECT
> > # /sbin/iptables-save >file
> > # cp file file-new
> > # vi file-new == change your order or read your whole tables and edit (or post to the list so we can do it for you)
> > # /sbin/iptables-restore < file-new
> >
> > TEST your internal to external port 80
> >
> > Works? Save
> > # /etc/init.d/iptables save
> >
> > No joy? Rollback
> > # /sbin/iptables -F (don't do this if you are doing NAT or in production)
> > # /sbin/iptables-restore < file
> > # /etc/init.d/iptables save
> >
> > And remember if you get stuck, post your whole iptables here (obfuscating
> > real IP addresses, etc) and we will fix it for ya.
> >
> > Also check this great resource:
> >
> > http://www.krr.org/linux/debian/HOWTO_QUICKIE_-_install_dansguardian.php
> >>
> >> --
> >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >> Nathan England
> >> I believe in the Constitution and the 4th Amendment. I am innocent and
> >> have nothing to hide, but NO agent of the state crosses my threshold
> >> without a valid warrant signed by a judge and properly submitted. If
> >> we fail to exercise our rights, we lose them.
> >
> > --
> > (503) 754-4452 iPhone
> > (623) 239-3392 Skype
> > (623) 688-3392 Google Voice
> >
> > http://www.it-clowns.com
> >
> > "If Python is executable pseudocode, then perl is executable line noise."
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
(623) 239-3392 Skype
(623) 688-3392 Google Voice

http://www.it-clowns.com

"If Python is executable pseudocode, then perl is executable line noise."
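
The "change your order" step in the quoted procedure can be checked offline against the saved file before it is restored. The following is an added example, not part of the thread and not anyone's actual ruleset: `first_match` is a hypothetical helper, the ruleset is constructed, and only `-i`, `-p`, `--dport` and `--state`/`--ctstate` are evaluated.

```sh
#!/bin/sh
# Added example: report the first filter/INPUT rule that decides a NEW TCP
# connection arriving on a given interface and destination port.
# Assumption: negated matches, multiport, addresses and user chains are ignored.
first_match() {    # usage: first_match <iptables-save file> <in-iface> <dport>
    awk -v ifc="$2" -v port="$3" '
        /^\*/ { table = substr($1, 2); next }          # "*filter", "*nat", ...
        table != "filter" { next }
        $1 == ":INPUT" { policy = $2; next }           # chain default policy
        $1 != "-A" || $2 != "INPUT" { next }
        {
            ok = 1; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i" && $(i+1) != ifc) ok = 0
                if ($i == "-p" && $(i+1) != "tcp") ok = 0
                if ($i == "--dport" && $(i+1) != port) ok = 0
                if (($i == "--state" || $i == "--ctstate") && $(i+1) !~ /NEW/) ok = 0
                if ($i == "-j") target = $(i+1)
            }
            if (ok && target ~ /^(ACCEPT|REJECT|DROP)$/) {
                print target " at line " NR ": " $0; hit = 1; exit
            }
        }
        END { if (!hit) print "POLICY " policy }
    ' "$1"
}

# Constructed sample: the eth1 port-80 ACCEPT was appended after a catch-all REJECT.
workdir=$(mktemp -d)
cat > "$workdir/before.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
# The reordering edit: move the catch-all REJECT to the end of the table.
awk '/-j REJECT/ { held = $0; next } /^COMMIT/ { print held } { print }' \
    "$workdir/before.rules" > "$workdir/after.rules"

echo "before: $(first_match "$workdir/before.rules" eth1 80)"
echo "after:  $(first_match "$workdir/after.rules" eth1 80)"
```

Run against the real `file-new` from the procedure, the same function shows whether the edited order lets the intended rule win before `iptables-restore` touches the live tables.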