
Re: iptables and forwarding port 80



Steve Doerr wrote:
> Hello.  I'm having trouble opening up port 80 on my firewall and I'm not
> sure if it is because nmap shows it closed, or if I have a broken rule.
> 
> My rules for masquerading/redirect are as follows:
> 
> #pick up ip from dhcp
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> #protect forward rule
> iptables -A FORWARD -i eth0 -m state --state NEW, INVALID -j DROP
> 
> #forward port 80
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to\ 
> 192.168.1.2:80
> 
> #open port 80
> iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 80 -j ACCEPT

To let a packet be forwarded, you have to ACCEPT it in FORWARD, not
INPUT. So remove this rule and put it in FORWARD, before the other one.

> 
> 
> Output of iptables -L:
> ACCEPT 	tcp	--	anywhere	anywhere	tcp dpt:www
> 
> I can surf the internet on this network, but connections to port 80 are 
> denied.
> 
> Can anyone see any obvious oversights here?
> 
> Thanks for any help.
> Steve

Also, you have to enable forwarding with
	echo 1 > /proc/sys/net/ipv4/ip_forward

HTH,

	Jason McCarty
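
The rule ordering described in the reply above, as an added example that is not part of the original message: the DNATed port 80 traffic is accepted in FORWARD ahead of the protective DROP, and no INPUT rule is involved. The interface and address are the ones quoted in the thread; the IPT dry-run variable and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Values quoted in the thread: eth0 is the external interface and
# 192.168.1.2 is the internal web server.
EXT_IF=eth0
WEB_IP=192.168.1.2

# Assumption for this example: dry run by default, each command is printed.
# Run with IPT=iptables (as root) to apply the rules for real.
IPT=${IPT:-echo iptables}

apply_rules() {
    # Masquerade outbound traffic (external address comes from DHCP).
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE

    # Rewrite the destination of inbound port 80 to the internal server.
    $IPT -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB_IP:80"

    # PREROUTING runs before the routing decision, so the packet reaches
    # FORWARD (not INPUT) with the rewritten destination. Rules are
    # evaluated in order, so this ACCEPT must precede the DROP below.
    $IPT -A FORWARD -i "$EXT_IF" -d "$WEB_IP" -p tcp --dport 80 \
        -m state --state NEW -j ACCEPT

    # Drop every other new or invalid connection arriving from outside.
    $IPT -A FORWARD -i "$EXT_IF" -m state --state NEW,INVALID -j DROP
}

enable_forwarding() {
    # The kernel only routes between interfaces when ip_forward is 1.
    if [ "$IPT" = "iptables" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
    else
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    fi
}

enable_forwarding
apply_rules
```

After applying, `iptables -L FORWARD -n --line-numbers` should list the ACCEPT for tcp dpt:80 on a lower line number than the DROP.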


