Opening :80 through a NATing iptables firewall.
Let me see if I've got this right.
With:
LANDEV="eth0"
INETDEV="eth1"
iptables -P FORWARD DROP
(obviously not my whole iptables setup, but what I hope is relevant)
If I'm going to open port 80 and direct outside connections to an
internal box, I'll need:
iptables -t nat -A PREROUTING -i $INETDEV -p tcp --dport 80 -j DNAT \
--to-destination 192.168.1.10
...but in addition to this, I'll need:
iptables -A FORWARD -i $INETDEV -d 192.168.1.10 -j ACCEPT
I was logging dropped packets with the 192.168.1.10 destination before I
added the above FORWARD entry and now it works. Is this the "right" way
to perform port forwarding? Is there a more optimal method? (Full
iptables script available, but I thought I'd not deluge the list yet.)
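An added example, not the poster's script: the same DNAT-plus-FORWARD pair as a small POSIX sh script, with the FORWARD rule narrowed to the protocol and port that were actually forwarded (the rule in the post accepts every protocol and port to 192.168.1.10 from the outside interface, which is wider than the DNAT needs) and an explicit rule for the return traffic. It reuses the LANDEV/INETDEV names and 192.168.1.10 from the post; the IPT variable, the forward_port/allow_return_traffic helpers and the default dry-run mode are assumptions for this example. It assumes an iptables with the conntrack match (older versions use -m state --state instead). With IPT unset it only prints the rules; run it as root with IPT=iptables to apply them after -P FORWARD DROP.

```shell
#!/bin/sh
# Added example: DNAT port forward with a scoped FORWARD rule.
# IPT=echo (the default) prints the rules for review; IPT=iptables applies them.
IPT="${IPT:-echo}"
LANDEV="eth0"
INETDEV="eth1"
WEBHOST="192.168.1.10"   # internal web server, as in the post

# forward_port PUBLIC_PORT INTERNAL_HOST INTERNAL_PORT
forward_port() {
    port="$1"; host="$2"; iport="$3"
    # Rewrite the destination of inbound connections arriving on the WAN side.
    $IPT -t nat -A PREROUTING -i "$INETDEV" -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$iport"
    # FORWARD sees the packet after DNAT, so match the rewritten address and
    # port. Restricting to tcp/$iport keeps policy DROP for everything else
    # headed to the internal host.
    $IPT -A FORWARD -i "$INETDEV" -o "$LANDEV" -p tcp -d "$host" --dport "$iport" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Replies from the internal box back to the Internet must be forwarded too;
# only packets belonging to a tracked connection are let through.
allow_return_traffic() {
    $IPT -A FORWARD -i "$LANDEV" -o "$INETDEV" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

forward_port 80 "$WEBHOST" 80
allow_return_traffic
```

In dry-run mode the script prints the three rules it would add; diffing that output against `iptables -S FORWARD` on the firewall is a quick way to confirm that nothing broader than tcp/80 to the internal host is being accepted.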