iptables connection refused in VLAN network when iptables configured NAT and port forwarding

Question

I have a static IP X.X.X.X. I configured a Linux server as a router by using iptables. The following figures as my network topology:

            ppp0  +-------------+
       +----------+             |
        static IP |   Router    |
                  |             |
                  +---+---------+
                      |
                 +----+------+
            +----+  switch   +-----+
            |    +-----------|     |
            |VLAN 1.0/24-10.0/24   |
            |                      |
  XXXXXXXXXXvX                     |
 XX          XXXXX       +------v--v--+
XX               XX      |            |
X   LAN network   XX     | Web server |
X                  X     |            |
XX 192.168.2.0/24  X     +------------+
 XX              XXX        192.168.1.5
   XXXX      XXXXX
      XXXXXXXX

My router is configured as a NAT router for all of the VLAN network. I was publishing successfully to a web server which can access on the internet via DNAT. The computer on the LAN network can ping to Web server and connect to 192.168.1.5 very well.

When the computer in network 2.0/24 accessed the Web Server by static IP, it received a connection refused error which I can't explain.

The following is my iptables rule:

$IPT -t nat -A PREROUTING -i ppp0 -p tcp -j DNAT --to-destination 192.168.1.5:80
$IPT -A FORWARD -i ppp0 -o eth4 -p tcp -j ACCEPT

Answer 1

Packets from your /24 network don't come in through the ppp0 interface, consequently the rules shown are not applied, and you effectively try to access port 80 on the router. If the router has port 80 open, other rules or the policy are probably rejecting the connection.