- 11-26-2009 #1 Just Joined!
- Join Date: Nov 2009
- Posts: 3
port forward
Hi
I have a port forward using iptables (tcp/443) and it's OK. But I can't access any web site that uses https. I set my port forwarding with these commands:
iptables -A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
iptables -A FORWARD -p tcp -m tcp -d 192.168.60.2 --dport 443 -m state --state NEW -j ACCEPT
Thanks in advance for any help.
- 11-26-2009 #2
You need to use state established,related instead of new.
- 11-26-2009 #3
When you say 'any website' are you talking just internally or externally?
Reason I ask is you did not define the inbound interface for your DNAT and thus the PREROUTE rule is applied to all interfaces and everything is DNAT'ed before it is routed.
Not really. All new connections require the NEW rule or they will not be accepted when running a stateful firewall.


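The check that post #3 describes, written as an added example that is not part of the thread: a small audit over iptables-save style rule lines that flags PREROUTING DNAT rules with no inbound interface or destination address match. The function name `audit_dnat`, the sample rules and `eth0` as the WAN-facing interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. A DNAT rule in PREROUTING that matches
# on neither an inbound interface (-i) nor a destination address (-d) rewrites
# every matching packet the box routes, including LAN clients' own outbound
# HTTPS. That is the behaviour post #3 points at.

# audit_dnat: reads iptables-save style rule lines on stdin, prints each
# unscoped PREROUTING DNAT rule, and returns 1 if any were found.
audit_dnat() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            dnat = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "DNAT") dnat = 1
                # Exact token match, so --to-destination is not mistaken
                # for a --destination match.
                if ($i == "-i" || $i == "--in-interface") scoped = 1
                if ($i == "-d" || $i == "--destination") scoped = 1
            }
            if (dnat && !scoped) { print; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the two rules from post #1, plus a variant of the DNAT
# rule scoped to an inbound interface (eth0 is an assumed WAN interface name).
SAMPLE_RULES='-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.60.2
-A FORWARD -p tcp -m tcp -d 192.168.60.2 --dport 443 -m state --state NEW -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_dnat || echo "unscoped DNAT rule(s) listed above"
```

On a live system the same function can be fed the output of `iptables-save -t nat`.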

