
Opening :80 through a NATing iptables firewall.

	Let me see if I've got this right.
iptables -P FORWARD DROP
(obviously not my whole iptables setup, but what I hope is relevant)

   If I'm going to open port 80 and direct outside connections to an
internal box, I'll need:

iptables -t nat -A PREROUTING -i $INETDEV -p tcp --dport 80 -j DNAT \

	...but in addition to this, I'll need:

iptables -A FORWARD -i $INETDEV -d -j ACCEPT

I was logging dropped packets with the destination before I added the above FORWARD entry and now it works. Is this the "right" way to perform port forwarding? Is there a more optimal method? (Full iptables script available, but I thought I'd not deluge the list yet.)
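
The setup asked about above, as an added example that is not part of the original post: with a FORWARD policy of DROP, the FORWARD chain sees the packet after PREROUTING has rewritten its destination, so the accept rule can match the internal address and be limited to new tcp/80 connections instead of all traffic to that host. `INTERNAL_IP` (a constructed placeholder address), the `eth0` default, the `IPT` dry-run variable and the function name are assumptions; `$INETDEV` is the post's own variable.

```shell
#!/bin/sh
# Added example, not from the original post.
# INETDEV is the post's variable; everything else here is an assumption.
INETDEV="${INETDEV:-eth0}"                  # outside interface (assumed default)
INTERNAL_IP="${INTERNAL_IP:-192.168.1.10}"  # constructed placeholder for the web box
IPT="${IPT:-echo iptables}"                 # dry run: prints rules; set IPT=iptables to apply

port_forward_rules() {
    # Default-deny forwarding, as in the post.
    $IPT -P FORWARD DROP

    # nat/PREROUTING runs before the routing decision: rewrite the
    # destination of inbound tcp/80 to the internal web server.
    $IPT -t nat -A PREROUTING -i "$INETDEV" -p tcp --dport 80 \
        -j DNAT --to-destination "${INTERNAL_IP}:80"

    # filter/FORWARD sees the packet after DNAT, so -d is the internal
    # address. Matching -p tcp --dport 80 and state NEW keeps the hole to
    # the forwarded service only, not every port on that host.
    $IPT -A FORWARD -i "$INETDEV" -d "$INTERNAL_IP" -p tcp --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Later packets of accepted connections, in both directions. Needed
    # under a DROP policy unless the rest of the rule set already has it.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

port_forward_rules
```

On a live box, `iptables -L FORWARD -v -n` shows per-rule packet counters, which confirms that forwarded traffic is hitting the narrow rule and not a broader one.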
