Re: iptables and forwarding port 80
Steve Doerr wrote:
> Hello. I'm having trouble opening up port 80 on my firewall and I'm not
> sure if it is because nmap shows it closed, or if I have a broken rule.
>
> My rules for masquerading/redirect are as follows:
>
> #pick up ip from dhcp
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> #protect forward rule
> iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
>
> #forward port 80
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.2:80
>
> #open port 80
> iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 80 -j ACCEPT
To let a packet be forwarded, you have to ACCEPT it in FORWARD, not
INPUT. So remove this rule and put it in FORWARD, before the other one.
>
>
> Output of iptables -L:
> ACCEPT tcp -- anywhere anywhere tcp dpt:www
>
> I can surf the internet on this network, but connections to port 80 are
> denied.
>
> Can anyone see any obvious oversights here?
>
> Thanks for any help.
> Steve
Also, you have to enable forwarding with
echo 1 > /proc/sys/net/ipv4/ip_forward
HTH,
Jason McCarty
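
Added example, not part of the original thread: the rules from the post rearranged as the reply describes (ACCEPT in FORWARD, placed before the DROP, with forwarding enabled), plus a small ordering check. The names IPT, WAN_IF, WEB, apply_rules and accept_before_drop are hypothetical, the -d match on the FORWARD rule is an added tightening, and the script only prints the commands unless run as root with IPT=iptables.

```shell
#!/bin/sh
# Added example: corrected port-80 forwarding rules in the order the reply describes.
# Dry run by default (prints the commands); run as root with IPT=iptables to apply.
IPT="${IPT:-echo iptables}"
WAN_IF=eth0            # external interface, from the original post
WEB=192.168.1.2        # internal web server, from the original post

apply_rules() {
    # Enable routing between interfaces (only written when really applying).
    if [ "$IPT" = "iptables" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
    # Masquerade outbound traffic behind the DHCP-assigned address.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
    # Rewrite inbound port 80 to the internal server.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB:80"
    # ACCEPT in FORWARD (not INPUT), ahead of the DROP. The -d match is an
    # added tightening: after DNAT the destination is already $WEB.
    $IPT -A FORWARD -i "$WAN_IF" -p tcp -d "$WEB" --dport 80 -j ACCEPT
    # Drop every other NEW or INVALID packet arriving from outside.
    $IPT -A FORWARD -i "$WAN_IF" -m state --state NEW,INVALID -j DROP
}

# Reads rule lines (dry-run output or `iptables -S`) on stdin; succeeds only if
# a FORWARD ACCEPT for port 80 appears before the first FORWARD DROP.
accept_before_drop() {
    awk '
        /-A FORWARD/ && /--dport 80( |$)/ && /-j ACCEPT/ && !acc { acc = NR }
        /-A FORWARD/ && /-j DROP/ && !drop { drop = NR }
        END { exit !(acc && (!drop || acc < drop)) }
    '
}

apply_rules
```

On a live firewall, `iptables -S FORWARD | accept_before_drop` runs the same ordering check against the loaded rules.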