Re: iptables and forwarding port 80
Steve Doerr wrote:
> Hello. I'm having trouble opening up port 80 on my firewall and I'm not
> sure if it is because nmap shows it closed, or if I have a broken rule.
> My rules for masquerading/redirect are as follows:
> #pick up ip from dhcp
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> #protect forward rule
> iptables -A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
> #forward port 80
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to\
> #open port 80
> iptables -A INPUT -i eth0 -s 0/0 -d 0/0 -p tcp --dport 80 -j ACCEPT
To let a packet be forwarded, you have to ACCEPT it in FORWARD, not
INPUT. So remove this rule and put it in FORWARD, before the other one.
> Output of iptables -L:
> ACCEPT tcp -- anywhere anywhere tcp dpt:www
> I can surf the internet on this network, but connections to port 80 are
> Can anyone see any obvious oversights here?
> Thanks for any help.
Also, you have to enable forwarding with
echo 1 > /proc/sys/net/ipv4/ip_forward
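
The ordering advice above ("before the other one") matters because the first matching rule in a chain decides the packet. The following is an added example, not part of the original thread: a small first-match check over rules in `iptables -S FORWARD` format. The two rule sets are constructed samples, the function names are hypothetical, and the parser assumes only the match options shown here (no negation, no port ranges).

```shell
#!/bin/sh
# Constructed samples: the port 80 ACCEPT after, then before, the NEW,INVALID DROP.
DROP_FIRST='-P FORWARD ACCEPT
-A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT'
ACCEPT_FIRST='-P FORWARD ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW,INVALID -j DROP'

# forward_verdict IFACE PORT: rules on stdin, prints the verdict that a NEW
# TCP packet entering on IFACE for PORT receives in FORWARD (first match wins).
forward_verdict() {
    awk -v iface="$1" -v port="$2" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = proto = dport = state = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i+1)
            else if ($i == "-p") proto = $(i+1)
            else if ($i == "--dport") dport = $(i+1)
            else if ($i == "--state" || $i == "--ctstate") state = $(i+1)
            else if ($i == "-j") target = $(i+1)
        }
        # Skip rules whose match options do not cover this packet.
        if (in_if != "" && in_if != iface) next
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        if (state != "" && ("," state ",") !~ /,NEW,/) next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print target; done = 1; exit
        }
    }
    END { if (!done) print (policy == "" ? "UNKNOWN" : policy) }'
}

# ip_forward_enabled [FILE]: succeeds only when the forwarding switch reads 1.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

printf '%s\n' "$DROP_FIRST"   | forward_verdict eth0 80   # DROP
printf '%s\n' "$ACCEPT_FIRST" | forward_verdict eth0 80   # ACCEPT
```

On a live gateway, feed it the real chain with `iptables -S FORWARD | forward_verdict eth0 80` (run as root).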