There is a server on the local network. It runs Debian. It runs a service that listens on port 80 on 0.0.0.0. Connections from the local network and from 127.0.0.1 work fine.

There is an iron gateway that faces the Internet. A "Virtual Server" (aka D-NAT) is registered on it for this port 80. After a delay, "Connection timed out" is returned.

The problem is that when a Windows machine is substituted for the Linux machine, the connection goes through (in the end, even the real IP substitution was put in).

That is, the piece of hardware forwards the packet inwards, but it gets stuck somewhere in Linux.

The iptables chains INPUT, OUTPUT and FORWARD on the Linux machine are set to ACCEPT.

Please tell me where and what to dig into.

    1 answer 1

    Check whether there is a default route on Linux. Run the route command and look for default. It should point to the internal IP of the “iron” gateway.

    Or, in addition to D-NAT, which changes the gateway's external IP to the IP of your server before routing, also do S-NAT, which works after routing and replaces the source IP with the gateway's internal IP. This option is bad because on the server everything behind the gateway will be seen as the IP of your gateway.

    • Bli-in. The gateway is 100% not registered there. - SilverIce 1
    • Yeah, I'm not so stupid. Thanks! - SilverIce 1 pm
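
The default-route check from the answer as a script, added here as an example that is not part of the original thread. The addresses (gateway 192.168.1.1, server 192.168.1.10, interface eth0) and the function name `check_default_route` are assumptions; on a real server, pipe in `ip -4 route show`.

```shell
#!/bin/sh
# Added example: classify the default route in `ip -4 route show` output.
# On the server:  ip -4 route show | check_default_route 192.168.1.1
# Return codes: 0 = default route via the expected gateway
#               1 = no default route; replies to Internet clients that
#                   arrived through D-NAT have no path back (client times out)
#               2 = default route exists but points at another next hop,
#                   so replies bypass the gateway that did the D-NAT
check_default_route() {
    expected_gw=$1
    found=""
    # Default route lines look like: "default via <gw> dev <if> ..."
    while read -r dest kw gw rest || [ -n "$dest" ]; do
        if [ "$dest" != "default" ] && [ "$dest" != "0.0.0.0/0" ]; then
            continue
        fi
        if [ "$kw" != "via" ]; then
            continue
        fi
        found=$gw
        if [ "$gw" = "$expected_gw" ]; then
            return 0
        fi
    done
    if [ -z "$found" ]; then
        return 1
    fi
    return 2
}

# Constructed sample: server with only the connected LAN route (failing case).
SAMPLE_NO_DEFAULT='192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'
# Constructed sample: the same server once the default route is configured.
SAMPLE_FIXED='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10'

for sample in "$SAMPLE_NO_DEFAULT" "$SAMPLE_FIXED"; do
    rc=0
    printf '%s\n' "$sample" | check_default_route 192.168.1.1 || rc=$?
    echo "check_default_route -> $rc"
done
```

Return code 1 matches the symptom in the question: LAN clients work because the connected route covers them, while replies to Internet sources are dropped for lack of a route.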