Opening :80 through a NATing iptables firewall.

To: debian-firewall@lists.debian.org
Subject: Opening :80 through a NATing iptables firewall.
From: "Robb Kidd" <rkidd@ncmec.org>
Date: Fri, 28 Sep 2001 13:17:10 -0400
Message-id: <3BB4B096.6050306@ncmec.org>

	Let me see if I've got this right.
With:
LANDEV="eth0"
INETDEV="eth1"
iptables -P FORWARD DROP
(obviously not my whole iptables setup, but what I hope is relevant)

   If I'm going to open port 80 and direct outside connections to an
internal box, I'll need:

iptables -t nat -A PREROUTING -i $INETDEV -p tcp --dport 80 -j DNAT \
	--to-destination 192.168.1.10

	...but in addition to this, I'll need:

iptables -A FORWARD -i $INETDEV -d 192.168.1.10 -j ACCEPT

I was logging dropped packets with the 192.168.1.10 destination before Iadded the above FORWARD entry and now it works. Is this the "right" wayto perform port forwarding? Is there a more optimal method? (Fulliptables script available, but I thought I'd not deluge the list yet.)

Reply to:

Follow-Ups:
- Re: Opening :80 through a NATing iptables firewall.
  - From: Vineet Kumar <debian-security@virtual.doorstop.net>

Prev by Date: Re: 2.2.19 ipmaqs and private lans
Next by Date: Re: Opening :80 through a NATing iptables firewall.
Previous by thread: Re: 2.2.19 ipmaqs and private lans
Next by thread: Re: Opening :80 through a NATing iptables firewall.
Index(es):
- Date
- Thread