Port-forwarding with iptables problem

[wendel]

Hi all,

I have a setup like the one shown below and I want to forward HTTP requests from my gateway to my internal HTTP server (and also to forward UDP packets with destination port 4321 to another internal machine - 192.168.0.100):


Internet -------------- wan (EXT_IP) GATEWAY (192.168.0.1) lan -------------------- (192.168.0.201) HTTP sever


Well, this is how I am using iptables:

Code:

#!/bin/sh
iptables -t nat -A POSTROUTING -j MASQUERADE -o wan

iptables -t nat -A PREROUTING -p udp -i wan --dport 4321 -j DNAT --to 192.168.0.100

iptables -t nat -A PREROUTING -p tcp -i wan --dport 80 -j DNAT --to 192.168.0.201

Using this configuration, the udp packets to port 4321 are forwarded correctly to the internal address 192.168.0.100. However, when I try to access the WEB server from outside I cannot get the WEB pages.

Is there something wrong? Am I missing any rule?

Thanks in advance,

Alex

[adam7979]

1) is your FORWARD chain set to ACCEPT, or at least ACCEPT forward from 192.168.0.201? (try to initialise your chain at the beginning of the script, i.e. DROP all or ACCEPT all if no other matched rules, and --flush all related chain as well as POSTROUTING and PREROUTING)

2) is 192.168.0.201's gateway set properly? i.e. to your firewall

3) very unlikely, but try to add the port number to your ip address i.e.: 192.168.0.201:80

4) your 192.168.0.201's httpd isn't running :P

[wendel]

Adam,
Thanks for your answer.
I found the (stupid reason... and it corresponds with point number 2:

2) is 192.168.0.201's gateway set properly? i.e. to your firewall

The routes.conf of the gateway 192.168.0.201 was wrong!

Thanks!

Alex

[adam7979]

hehe, sometimes i do missed out some minor details as well