port forwarding thru iptables
Ruben Laban
r.laban at ism.nl
Tue Dec 23 08:47:47 UTC 2008
On Tuesday 23 December 2008 at 09:25 (CET), Luca Ferrari wrote:
> I've got a problem doing a port forwarding, in the meantime I've used an
> ssh forwarding but I'd like to solve it thru iptables. The scenario is
> this: I've got a firewall that protects a server that exposes web services,
> I'd like to redirect each connection to the firewall on the port 3663 to
> the port 80 of the web server, so I added the following rules in my
> iptables configuration:
>
> $IPTABLES -A INPUT -p tcp -d $FIREWALL --dport 3663 -j ACCEPT
It won't reach the INPUT chain...
> $IPTABLES -t nat -A PREROUTING -p tcp -d $FIREWALL --dport 3663 -j DNAT --to $WEB_SERVER:80
... because it gets DNAT'ed to another box. It thus hits the FORWARD chain
instead of the INPUT chain (in the filter table).
You need something like:
$IPTABLES -A FORWARD -p tcp -d $WEB_SERVER --dport 80 -j ACCEPT
> however I cannot connect to the web server (I tested with telnet). There
> are no other rules that block the connection (I guess) since it works out
> of the box with an ssh port forwarding, so what is wrong with the above
> configuration?
--
Regards,
Ruben
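
The chain selection described in the reply above, as an added example that is not part of the original message: a simplified model of the order in which netfilter applies nat PREROUTING, the routing decision and the filter chains. The addresses, the default DROP policy and the names traverse, ORIGINAL and FIXED are assumptions made for this illustration.

```python
# Simplified model of netfilter's path for an incoming packet: nat PREROUTING
# runs first, then the routing decision picks INPUT (local) or FORWARD.
# Addresses and the DROP policy are constructed for this example.
FIREWALL = "192.0.2.1"      # stands in for $FIREWALL
WEB_SERVER = "10.0.0.10"    # stands in for $WEB_SERVER

DNAT_RULES = [  # nat PREROUTING: (match dst, match dport) -> (new dst, new dport)
    ((FIREWALL, 3663), (WEB_SERVER, 80)),
]

def traverse(dst, dport, filter_rules, local_addrs=(FIREWALL,), policy="DROP"):
    """Return (chain, verdict, final_dst, final_dport) for a new TCP connection."""
    # 1. nat PREROUTING rewrites the destination before any filter chain runs.
    for match, target in DNAT_RULES:
        if (dst, dport) == match:
            dst, dport = target
            break
    # 2. Routing decision on the *rewritten* destination.
    chain = "INPUT" if dst in local_addrs else "FORWARD"
    # 3. Filter rules: first match wins; they see the post-DNAT address and port.
    for r_chain, r_dst, r_dport, verdict in filter_rules:
        if (r_chain, r_dst, r_dport) == (chain, dst, dport):
            return chain, verdict, dst, dport
    return chain, policy, dst, dport

# Rule from the question: it never matches, because after DNAT the packet is
# no longer addressed to the firewall itself.
ORIGINAL = [("INPUT", FIREWALL, 3663, "ACCEPT")]
# Rule from the reply: matches the rewritten destination in FORWARD.
FIXED = ORIGINAL + [("FORWARD", WEB_SERVER, 80, "ACCEPT")]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("with FORWARD rule", FIXED)):
        print(name, traverse(FIREWALL, 3663, rules))
```

The model covers only the first packet of a connection; on a real firewall, reply traffic must also be allowed through FORWARD and IP forwarding must be enabled.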