
Re: iptables and forwarding port 80

Steve Doerr wrote:
> Hello.  I'm having trouble opening up port 80 on my firewall and I'm not
> sure if it is because nmap shows it closed, or if I have a broken rule.
> My rules for masquerading/redirect are as follows:
> #pick up ip from dhcp
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> #protect forward rule
> iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
> #forward port 80
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to\ 
> #open port 80
> iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 80 -j ACCEPT

To let a packet be forwarded, you have to ACCEPT it in FORWARD, not
INPUT. So remove this rule and put it in FORWARD, before the other one.

> Output of iptables -L:
> ACCEPT 	tcp	--	anywhere	anywhere	tcp dpt:www
> I can surf the internet on this network, but connections to port 80 are 
> denied.
> Can anyone see any obvious oversights here?
> Thanks for any help.
> Steve

Also, you have to enable forwarding with
	echo 1 > /proc/sys/net/ipv4/ip_forward


	Jason McCarty
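
The fix described in the reply above, as an added example that is not part of the original thread: the rules in load order, plus a check that a FORWARD listing accepts port 80 before the NEW,INVALID drop. WEB_HOST is a placeholder (the --to address is cut off in the original post), and both sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. WEB_HOST is an assumed placeholder for
# the internal web server; the original --to address is truncated.
WEB_HOST="${WEB_HOST:-192.168.1.10}"
WAN_IF="${WAN_IF:-eth0}"

# Print the corrected commands in the order they must be loaded. After DNAT
# the packet is addressed to WEB_HOST, so it traverses FORWARD, not INPUT,
# and the ACCEPT has to be appended before the DROP (first match wins).
corrected_rules() {
    cat <<EOF
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport 80 -j DNAT --to-destination $WEB_HOST
iptables -A FORWARD -i $WAN_IF -d $WEB_HOST -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i $WAN_IF -m state --state NEW,INVALID -j DROP
EOF
}

# Read "iptables -S FORWARD" output on stdin. Succeed only if an ACCEPT for
# tcp dport 80 appears before the first rule that drops NEW connections.
forward_order_ok() {
    awk '
        /^-A FORWARD/ { n++ }
        /^-A FORWARD/ && /--dport 80( |$)/ && /-j ACCEPT/ && !acc { acc = n }
        /^-A FORWARD/ && /NEW/ && /-j DROP/ && !drop { drop = n }
        END { exit !(acc && (!drop || acc < drop)) }
    '
}

# Constructed listing matching the original post: the port 80 ACCEPT went
# into INPUT, so FORWARD holds only the DROP.
sample_broken() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i eth0 -m state --state INVALID,NEW -j DROP
EOF
}

# Constructed listing after the fix.
sample_fixed() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 192.168.1.10/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -m state --state INVALID,NEW -j DROP
EOF
}

sample_fixed | forward_order_ok && echo "fixed listing: port 80 ACCEPT precedes DROP"
```

On a live firewall the same check is `iptables -S FORWARD | forward_order_ok`, run as root.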
