Re: Port forwarding and local firewall connections
On 2007/07/12-13:46(+0200), Marco wrote :
> Hello.
>
> This is the network:
>
> LAN (10.10.10.0/24) <-> (10.10.10.12) FW (192.168.10.1) <->
> (192.168.10.2) webserver
>
> I have set up a firewall that redirects some ports to another
> server in the DMZ with iptables:
>
> iptables -t nat -A PREROUTING -i ! $DMZIF -p tcp --dport 80 -j DNAT --to 192.168.10.2
> iptables -A FORWARD -p tcp -d 192.168.10.2 --dport 80 -j ACCEPT
>
> Everything works correctly from the LAN, PCs can connect to
> the webserver and it replies, but if on the firewall I try to
> connect to http://10.10.10.12 it doesn't work, it says connection
> refused.
>
> Can anyone help me please? Thank you!
>
Hi,
Traffic generated by the firewall is not filtered by the FORWARD chain but
by the OUTPUT one. You have to add this rule if the default policy is to drop
outbound traffic:
iptables -t filter -A OUTPUT -p tcp -d 192.168.10.2 --dport 80 -j ACCEPT
Regards,
-- Yann.
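
An added example, not part of either message: a small Python model of which nat and filter chains a packet visits, using the addresses from this thread. The interface names, the `traverse` helper and the nat OUTPUT rule in `FIXED` are assumptions made for the illustration; the model covers only DNAT and the filter verdict.

```python
from dataclasses import dataclass
from typing import Optional

FW_ADDRS = {"10.10.10.12", "192.168.10.1"}  # firewall addresses from the post
WEB = "192.168.10.2"                        # DMZ web server from the post
LANIF, DMZIF = "eth0", "eth1"               # assumed interface names

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    in_if: Optional[str]  # None: generated by a process on the firewall

def traverse(pkt, dnat, accept, policy):
    """Return (chains visited, outcome) for one TCP packet.

    dnat:   {nat chain: [(match_dst or None, dport, new_dst)]}
    accept: {filter chain: [(dst, dport)]}
    policy: {filter chain: "ACCEPT" or "DROP"}
    """
    local = pkt.in_if is None
    nat_chain = "OUTPUT" if local else "PREROUTING"
    path, dst = ["nat/" + nat_chain], pkt.dst
    if local or pkt.in_if != DMZIF:  # the posted rule has "-i ! $DMZIF"
        for match_dst, dport, new_dst in dnat.get(nat_chain, []):
            if dport == pkt.dport and match_dst in (None, pkt.dst):
                dst = new_dst
                break
    # Filtering sees the destination as rewritten by DNAT.
    flt = "OUTPUT" if local else ("INPUT" if dst in FW_ADDRS else "FORWARD")
    path.append("filter/" + flt)
    if (dst, pkt.dport) not in accept.get(flt, []) and policy.get(flt) != "ACCEPT":
        return path, "dropped in filter/" + flt
    # A local packet to the firewall's own address loops back (INPUT leg omitted).
    return path, "delivered to firewall itself" if dst in FW_ADDRS else "sent to " + dst

# Rules as posted: DNAT in PREROUTING, ACCEPT in FORWARD.
POSTED = {"dnat": {"PREROUTING": [(None, 80, WEB)]},
          "accept": {"FORWARD": [(WEB, 80)]}}
# Assumed extension: DNAT in nat/OUTPUT plus the filter/OUTPUT rule from the reply.
FIXED = {"dnat": {**POSTED["dnat"], "OUTPUT": [("10.10.10.12", 80, WEB)]},
         "accept": {**POSTED["accept"], "OUTPUT": [(WEB, 80)]}}
DROP_ALL = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "DROP"}

if __name__ == "__main__":
    from_lan, from_fw = Packet("10.10.10.12", 80, LANIF), Packet("10.10.10.12", 80, None)
    print(traverse(from_lan, policy=DROP_ALL, **POSTED))
    print(traverse(from_fw, policy={"OUTPUT": "ACCEPT"}, **POSTED))
    print(traverse(from_fw, policy=DROP_ALL, **FIXED))
```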