
Opening :80 through a NATing iptables firewall.



	Let me see if I've got this right.
With:
LANDEV="eth0"
INETDEV="eth1"
iptables -P FORWARD DROP
(obviously not my whole iptables setup, but what I hope is relevant)

   If I'm going to open port 80 and direct outside connections to an
internal box, I'll need:

iptables -t nat -A PREROUTING -i $INETDEV -p tcp --dport 80 -j DNAT \
	--to-destination 192.168.1.10

	...but in addition to this, I'll need:

iptables -A FORWARD -i $INETDEV -d 192.168.1.10 -j ACCEPT

I was logging dropped packets with the 192.168.1.10 destination before I added the above FORWARD entry and now it works. Is this the "right" way to perform port forwarding? Is there a more optimal method? (Full iptables script available, but I thought I'd not deluge the list yet.)
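The rules from the message above in a narrower form, as an added example that is not part of the original post: the FORWARD accept is limited to new TCP port 80 connections leaving through the LAN interface, and replies are admitted by a connection-tracking rule. The function name `portfwd_rules`, its argument order, and the assumption that no other FORWARD rule already handles return traffic are this example's own; it prints the commands rather than applying them.

```shell
#!/bin/sh
# Added example: print (not apply) a DNAT port-forward rule set.
# eth0/eth1 and 192.168.1.10 come from the post; portfwd_rules and its
# argument order are assumptions of this example.

portfwd_rules() {
    inetdev=$1 landev=$2 proto=$3 port=$4 dest=$5

    # Accept only plain interface names, tcp/udp, a numeric port in range
    # and a dotted-quad style address, so the emitted lines cannot carry
    # extra shell or iptables syntax.
    for dev in "$inetdev" "$landev"; do
        case $dev in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $dev" >&2; return 1 ;;
        esac
    done
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if ! { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } 2>/dev/null; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $dest in
        ''|*[!0-9.]*) echo "bad address: $dest" >&2; return 1 ;;
    esac

    # Order matters only within the FORWARD chain:
    #  1. default-deny policy, as in the post
    #  2. replies and related packets of already-accepted connections
    #  3. DNAT in nat/PREROUTING rewrites the destination before the
    #     filter FORWARD chain sees the packet
    #  4. so FORWARD matches the internal address, here restricted to the
    #     forwarded protocol/port and to NEW connections only
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $inetdev -p $proto --dport $port -j DNAT --to-destination $dest
iptables -A FORWARD -i $inetdev -o $landev -p $proto -d $dest --dport $port -m conntrack --ctstate NEW -j ACCEPT
EOF
}
```

Calling `portfwd_rules eth1 eth0 tcp 80 192.168.1.10` prints the four commands for review before they are run as root.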




