I am using iptables on an OpenWRT-enabled router. The scenario is as follows:

  Internet ------ Linksys WRT54G router ------ WEB SERVER (part of the LAN, there is no DMZ)
    0/0           a.b.c.d (public) / e.f.g.h (private)        e.f.g.i
I want the following to happen: when someone connects to the router from the internet, he is taken to the site hosted by WEB SERVER (e.f.g.i), whereas if
someone connects to the router from inside (at e.f.g.h), he is taken to the site hosted by the router (the OpenWRT configuration site). To achieve this I have written the
following rules
(I have set the default policy to ACCEPT for all chains for the time being):
# Variables used below (not shown in the post; placeholder values following the
# diagram, with the usual WRT54G/OpenWRT names vlan1 = WAN and br0 = LAN)
IPTABLES=/usr/sbin/iptables
INET_IFACE=vlan1
LAN_IFACE=br0
INET_IP=a.b.c.d      # router's public address
WEB=e.f.g.i          # web server on the LAN
#~~~ FORWARD Chain ~~~
# let HTTP from the internet through to the web server ...
$IPTABLES -A FORWARD -i $INET_IFACE -o $LAN_IFACE -p tcp \
    -d $WEB --dport 80 -j ACCEPT
# ... and let all TCP from the web server back out
$IPTABLES -A FORWARD -i $LAN_IFACE -p tcp -s $WEB -j ACCEPT
#~~~ NATTING ~~~
# port 80 arriving on the public address is redirected to the web server
$IPTABLES -t nat -A PREROUTING -i $INET_IFACE -d $INET_IP -p tcp --dport 80 \
    -j DNAT --to-destination $WEB:80
# NB: a /0 prefix length matches every source address (10.0.0.0/0 is the same
# match as 0.0.0.0/0), and no -o is given, so the DNATed connections are SNATed
# too and the web server sees $INET_IP as the client address
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/0 -j SNAT --to-source $INET_IP
#~~~ LOGGING ~~~~~
# NB: these are appended after the ACCEPT rules above; ACCEPT ends traversal of
# the chain, so packets those rules accept never reach the LOG rules
$IPTABLES -A INPUT -i $INET_IFACE -j LOG \
    --log-level DEBUG --log-prefix "IPT INPUT INET_IFACE: "
$IPTABLES -A INPUT -i $LAN_IFACE -j LOG \
    --log-level DEBUG --log-prefix "IPT INPUT LAN_IFACE: "
$IPTABLES -A FORWARD -i $INET_IFACE -j LOG \
    --log-level DEBUG --log-prefix "IPT FORWARD INET_IFACE: "
$IPTABLES -A FORWARD -i $LAN_IFACE -j LOG \
    --log-level DEBUG --log-prefix "IPT FORWARD LAN_IFACE: "
$IPTABLES -A OUTPUT -o $INET_IFACE -j LOG \
    --log-level DEBUG --log-prefix "IPT OUTPUT INET_IFACE: "
$IPTABLES -A OUTPUT -o $LAN_IFACE -j LOG \
    --log-level DEBUG --log-prefix "IPT OUTPUT LAN_IFACE: "
But this is not working properly: the TCP three-way handshake seems to complete, but after that the connection is reset. I am unable to find out why.
Could someone please help me find out why this is happening?
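The LOG rules in the post are the right tool for answering "who sent the RST", provided they actually see the packets. The script below is an added example, not code from the post: it parses the kernel's iptables LOG lines, groups them per TCP connection, checks whether the three-way handshake completed and reports which end sent the reset and in which chain it was logged. It assumes the LOG rules have been placed before the ACCEPT rules (for instance inserted with -I instead of -A) so that every packet of the flow is logged, and it uses placeholder names that are not in the post: vlan1 for the WAN interface, br0 for the LAN, 10.0.0.1 for the router's LAN address, 10.0.0.10 for the web server and 203.0.113.5 for an internet client. The sample log lines are constructed for the example.

```python
"""Triage iptables LOG output for a forwarded TCP connection.

Added example (not from the original post).  Assumes the post's LOG rules
precede its ACCEPT rules so every packet is logged, and uses placeholders:
vlan1 = WAN, br0 = LAN, 10.0.0.1 = router LAN address, 10.0.0.10 = web
server, 203.0.113.5 = internet client.
"""
import re
from dataclasses import dataclass

# TCP flag words as the LOG target prints them, between RES= and URGP=,
# always in this fixed order (a SYN/ACK therefore appears as "ACK SYN").
FLAG_WORDS = ("CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN")
PREFIX_RE = re.compile(r"IPT (?P<chain>\w+) (?P<side>\w+): ")
KV_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample: the external flow completes its handshake and the web
# server answers the GET with a RST; a LAN host's SYN to the router's own
# port 80 lands in INPUT; the trailing UDP line is there to be ignored.
SAMPLE_LOG = """\
kernel: IPT FORWARD INET_IFACE: IN=vlan1 OUT=br0 SRC=203.0.113.5 DST=10.0.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: IPT FORWARD LAN_IFACE: IN=br0 OUT=vlan1 SRC=10.0.0.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=80 DPT=51234 WINDOW=5792 RES=0x00 ACK SYN URGP=0
kernel: IPT FORWARD INET_IFACE: IN=vlan1 OUT=br0 SRC=203.0.113.5 DST=10.0.0.10 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=2 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=92 RES=0x00 ACK URGP=0
kernel: IPT FORWARD INET_IFACE: IN=vlan1 OUT=br0 SRC=203.0.113.5 DST=10.0.0.10 LEN=190 TOS=0x00 PREC=0x00 TTL=51 ID=3 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=92 RES=0x00 ACK PSH URGP=0
kernel: IPT FORWARD LAN_IFACE: IN=br0 OUT=vlan1 SRC=10.0.0.10 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4 DF PROTO=TCP SPT=80 DPT=51234 WINDOW=0 RES=0x00 ACK RST URGP=0
kernel: IPT INPUT LAN_IFACE: IN=br0 OUT= SRC=10.0.0.20 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
kernel: IPT INPUT LAN_IFACE: IN=br0 OUT= SRC=10.0.0.20 DST=10.0.0.1 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=8 PROTO=UDP SPT=68 DPT=67 LEN=308
""".splitlines()


@dataclass
class Packet:
    chain: str          # INPUT, FORWARD or OUTPUT, taken from the --log-prefix
    side: str           # INET_IFACE or LAN_IFACE, taken from the --log-prefix
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset


def parse_line(line):
    """Return a Packet for a TCP LOG line, None for anything else."""
    m = PREFIX_RE.search(line)          # anything before "IPT ..." is syslog noise
    if not m:
        return None
    rest = line[m.end():]
    kv = dict(KV_RE.findall(rest))
    if kv.get("PROTO") != "TCP":
        return None
    flags = frozenset(tok for tok in rest.split() if tok in FLAG_WORDS)
    return Packet(m["chain"], m["side"], kv["SRC"], kv["DST"],
                  int(kv["SPT"]), int(kv["DPT"]), flags)


def triage(lines):
    """Group packets per connection and report handshake and reset state."""
    flows = {}
    for p in filter(None, map(parse_line, lines)):
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        flows.setdefault(key, []).append(p)

    reports = []
    for pkts in flows.values():
        # the bare SYN orients the flow: its sender is the client
        syn = next((p for p in pkts if "SYN" in p.flags and "ACK" not in p.flags), None)
        if syn is None:
            continue
        client, server = (syn.src, syn.sport), (syn.dst, syn.dport)
        idx_synack = next((i for i, p in enumerate(pkts)
                           if {"SYN", "ACK"} <= p.flags and (p.src, p.sport) == server), None)
        handshake = idx_synack is not None and any(
            "ACK" in p.flags and "SYN" not in p.flags and (p.src, p.sport) == client
            for p in pkts[idx_synack + 1:])
        rst = next((p for p in pkts if "RST" in p.flags), None)
        rst_from = None
        if rst is not None:
            rst_from = ("server" if (rst.src, rst.sport) == server
                        else "client" if (rst.src, rst.sport) == client else "other")
        reports.append({
            "client": "%s:%d" % client,
            "server": "%s:%d" % server,
            "chains": sorted({(p.chain, p.side) for p in pkts}),
            "handshake_complete": handshake,
            "rst_from": rst_from,
            "rst_logged_in": None if rst is None else f"{rst.chain} {rst.side}",
        })
    return reports


if __name__ == "__main__":
    for report in triage(SAMPLE_LOG):
        print(report)
```

On the router itself the same function can be fed the output of logread (or /var/log/messages on a host that receives the router's syslog), since the parser ignores everything before the IPT prefix. A report whose RST comes from the server with the handshake complete points at the web server or its return path, while a RST logged in the OUTPUT chain would point at the router answering on its own port 80, which is exactly the inside/outside split the post is trying to set up.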
