IP-forward not working, how do I debug it?




Sindrers
Jan 20, 2010, 02:56 AM
My NAT port-forward service to run a MAMP webserver:

Network setup:

I have set up a local static IP address for my machine, which is running a MAMP webserver. This means I always get the following IP address: 192.168.1.50.
MAMP works on http://192.168.1.50:8888/ but not on the port-forward IP address
http://77.XXX.XXX.220:8888/

ISP (provides us with 5 static IPs):
77.XXX.XXX.218
77.XXX.XXX.219
77.XXX.XXX.220
77.XXX.XXX.221
77.XXX.XXX.222

The ISP is running bridge mode from their router to our Xserve.
Our Xserve (Mac OS X Server 10.6.2) then runs a DHCP service giving users a local IP address as well as an internet connection.
Then we have the firewall, which is basically set to allow all traffic.
I have also tried to set advanced rules to specify it completely, without any luck.

This is the plist file I have generated:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>redirect_port</key>
<array>
<dict>
<key>proto</key>
<string>tcp</string>
<key>targetIP</key>
<string>192.168.1.50</string>
<key>targetPortRange</key>
<string>80</string>
<key>aliasIP</key>
<string>77.XXX.XXX.220</string>
<key>aliasPortRange</key>
<string>8888</string>
</dict>
</array>
</dict>
</plist>

I have tried looking in different logs without any luck at all. Can anyone please push me in the right direction on how to debug this?
My /var/log/alias.log says the following over and over, with different udp, tcp, sock and tot values.

icmp=0, udp=48, tcp=61 pptp=0, proto=0, frag_id=0 / tot=106 (sock1)

I have also checked "sudo ipfw list" and both port 8888 and 80 are opened from any to any.



belvdr
Jan 20, 2010, 10:47 AM
<key>targetIP</key>
<string>192.168.1.50</string>
<key>targetPortRange</key>
<string>80</string>
<key>aliasIP</key>
<string>77.XXX.XXX.220</string>
<key>aliasPortRange</key>
<string>8888</string>


I know nothing about setting this up in OS X Server. Looking at the above, I assume the target* lines are the real IPs on the inside and the alias* lines are for the NATed address on the outside.

If the inside server can be browsed on 8888, then the targetPortRange should be 8888, not 80 (since targetIP is the internal address).

Then if you want to browse http://77.XXX.XXX.220, then change the aliasPortRange to 80. If you want to browse http://77.XXX.XXX.220:8888, then leave aliasPortRange as 8888.
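
The check suggested in the reply above, as an added example that is not part of the original thread: it parses the redirect_port entries of the plist and reports any rule whose target address and port is not one the inside host is known to serve on. It assumes, as the reply does, that target* is the inside address and alias* the outside one; the function names, the "lo-hi" range syntax and the listening set are assumptions of this example.

```python
import plistlib

# Constructed sample: the redirect_port entry from the question, addresses masked as posted.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>redirect_port</key>
<array>
<dict>
<key>proto</key><string>tcp</string>
<key>targetIP</key><string>192.168.1.50</string>
<key>targetPortRange</key><string>80</string>
<key>aliasIP</key><string>77.XXX.XXX.220</string>
<key>aliasPortRange</key><string>8888</string>
</dict>
</array>
</dict>
</plist>
"""

def parse_range(text):
    """'8888' -> (8888, 8888); 'lo-hi' -> (lo, hi). The 'lo-hi' form is an assumption."""
    lo, _, hi = text.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not (0 < lo <= hi <= 65535):
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi

def audit_redirects(plist_bytes, listening):
    """listening: set of (ip, port) pairs the inside hosts are known to serve on."""
    findings = []
    for rule in plistlib.loads(plist_bytes).get("redirect_port", []):
        t_lo, t_hi = parse_range(rule["targetPortRange"])
        a_lo, a_hi = parse_range(rule["aliasPortRange"])
        if t_hi - t_lo != a_hi - a_lo:
            findings.append(f"{rule['aliasIP']}: alias and target ranges differ in size")
        for port in range(t_lo, t_hi + 1):
            if (rule["targetIP"], port) not in listening:
                findings.append(
                    f"{rule['aliasIP']}:{a_lo + port - t_lo} -> "
                    f"{rule['targetIP']}:{port}: nothing known to listen there")
    return findings

if __name__ == "__main__":
    for line in audit_redirects(SAMPLE_PLIST, {("192.168.1.50", 8888)}):
        print(line)
```

The listening set can be filled in from what the inside host reports, for example the output of `netstat -an` on the MAMP machine.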