Find the answer to your Linux question:
Results 1 to 3 of 3
Hi folks, Ubuntu LAMP server IP - 192.168.0.52 Local machine IP - 192.168.0.10 With following iptables rules up running, website can't be browsed both on Internet and Intranet Code: # ...
  1. 07-07-2008 #1
    satimis
    satimis is offline
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,546

    Port forwarding problem

    Hi folks,


    Ubuntu LAMP server
    IP - 192.168.0.52

    Local machine
    IP - 192.168.0.10


    With following iptables rules up running, website can't be browsed both on Internet and Intranet
    Code:
    # INPUT

# Set the default policy to drop
iptables -P INPUT DROP

# Allow existing connections to continue
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow the server to talk to itself
iptables -A INPUT -i lo -j ACCEPT

# Allow ssh from workstation local IPadd allowing incoming mails 20080307

iptables -A INPUT -s 192.168.0.10 -p tcp --dport 2222 -j ACCEPT


iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -j LOG



# OUTPUT

# Set the default policy to drop
iptables -P OUTPUT ACCEPT

# Allow existing connections to continue
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow the server to talk to itself
iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT

# Allow DNS requests out
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

    After adding following rules under INPUT
    Code:
    # Allow port forwarding
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
    Restart iptables.


    it still fails. Please advise. TIA


    B.R.
    satimis
    Reply With Quote Reply With Quote
  2. 07-07-2008 #2
    Lazydog
    Lazydog is offline
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    The rules above are they on the clients box or the box connected to the internet?

    This box has more then one interface? Is Forwarding turned on?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
    Reply With Quote Reply With Quote
  3. 07-07-2008 #3
    satimis
    satimis is offline
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,546
    Quote Originally Posted by Lazydog View Post
    The rules above are they on the clients box or the box connected to the internet?

    This box has more then one interface? Is Forwarding turned on?
    Hi,


    I left out following rules;
    Code:
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j ACCEPT 
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    After adding them and restart iptables. Problem solved.

    ssl is running here therefore I need port 443 instead of port 80.


    Code:
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 53 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
    can be erased


    Thanks


    B.R.
    satimis
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...