  1. #1
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,778

    Port forwarding problem


    Hi folks,


    Ubuntu LAMP server
    IP - 192.168.0.52

    Local machine
    IP - 192.168.0.10


    With the following iptables rules up and running, the website can't be browsed on either the Internet or the intranet.
    Code:
    # INPUT
    
    # Set the default policy to drop
    iptables -P INPUT DROP
    
    # Allow existing connections to continue
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    
    # Allow the server to talk to itself
    iptables -A INPUT -i lo -j ACCEPT
    
    # Allow ssh from workstation local IPadd allowing incoming mails 20080307
    
    iptables -A INPUT -s 192.168.0.10 -p tcp --dport 2222 -j ACCEPT
    
    
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT -j LOG
    
    
    
    # OUTPUT
    
    # Set the default policy to accept
    iptables -P OUTPUT ACCEPT
    
    # Allow existing connections to continue
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    
    # Allow the server to talk to itself
    iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
    
    # Allow DNS requests out
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

    After adding the following rules under INPUT
    Code:
    # Allow port forwarding
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 53 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
    Restart iptables.


    It still fails. Please advise. TIA


    B.R.
    satimis

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    The rules above, are they on the client's box or the box connected to the internet?

    This box has more than one interface? Is forwarding turned on?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  3. #3
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,778
    Originally posted by Lazydog:
    The rules above, are they on the client's box or the box connected to the internet?

    This box has more than one interface? Is forwarding turned on?
    Hi,


    I left out the following rules:
    Code:
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT 
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT
    After adding them and restarting iptables, problem solved.

    SSL is running here, therefore I need port 443 instead of port 80.


    Code:
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 53 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
    can be erased


    Thanks


    B.R.
    satimis
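
An added example, not part of the thread: a simplified first-match walk of the INPUT chain over the rules quoted above, showing why a new connection to port 443 fell through to the DROP policy and why the nat POSTROUTING rules never affected it. The function names (`original_rules`, `fixed_rules`, `input_verdict`) are hypothetical, 203.0.113.7 is a constructed outside address, and the model assumes a NEW TCP packet arriving on eth0.

```shell
# Constructed input: INPUT rules and one of the nat rules from the first post.
original_rules() {
cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.0.10 -p tcp --dport 2222 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -j LOG
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
EOF
}

# The same rules plus the three INPUT rules added in the last post.
fixed_rules() {
  original_rules
  for port in 443 25 110; do echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"; done
}

# input_verdict SRC DPORT: reads iptables commands on stdin, prints the verdict
# for a NEW TCP packet from SRC to DPORT arriving on eth0. Simplified model:
# exact -s match, first ACCEPT/DROP/REJECT wins, LOG continues, else policy.
input_verdict() {
  awk -v src="$1" -v dport="$2" '
    BEGIN { policy = "ACCEPT" }
    $1 != "iptables" { next }
    {
      table = "filter"; chain = ""; setpol = ""; target = ""; ok = 1
      for (i = 2; i <= NF; i++) {
        if      ($i == "-t")      table = $(++i)
        else if ($i == "-P")      { chain = $(++i); setpol = $(++i) }
        else if ($i == "-A")      chain = $(++i)
        else if ($i == "-j")      target = $(++i)
        else if ($i == "-s")      { if ($(++i) != src) ok = 0 }
        else if ($i == "-p")      { if ($(++i) != "tcp") ok = 0 }
        else if ($i == "--dport") { if ($(++i) != dport) ok = 0 }
        else if ($i == "-i")      { if ($(++i) != "eth0") ok = 0 }
        else if ($i == "--state") { if ($(++i) !~ /NEW/) ok = 0 }
      }
      if (table != "filter" || chain != "INPUT") next   # nat rules are skipped
      if (setpol != "") { policy = setpol; next }
      if (ok && verdict == "" && target ~ /^(ACCEPT|DROP|REJECT)$/) verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }
  '
}

original_rules | input_verdict 203.0.113.7 443   # DROP
fixed_rules    | input_verdict 203.0.113.7 443   # ACCEPT
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the same ordering together with per-rule packet counters.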
