
Re: Port forwarding and local firewall connections



On 2007/07/12-13:46(+0200), Marco wrote :
> Hello.
> 
> This is the network:
> 
> LAN (10.10.10.0/24) <-> (10.10.10.12) FW (192.168.10.1) <->
> (192.168.10.2) webserver
> 
> I have set up a firewall that redirects some ports to another
> server in the DMZ with iptables:
> 
> iptables -t nat -A PREROUTING -i ! $DMZIF -p tcp --dport 80 -j DNAT --to 192.168.10.2
> iptables -A FORWARD -p tcp -d 192.168.10.2 --dport 80 -j ACCEPT
> 
> Everything works correctly from the LAN, PCs can connect to
> the webserver and it replies, but if on the firewall I try to
> connect to http://10.10.10.12 it doesn't work, it says connection
> refused.
> 
> Can anyone help me please? Thank you!
> 
Hi,
 Traffic generated by the firewall is not filtered by the FORWARD chain but
 by the OUTPUT one. You have to add this rule if the default policy is to drop
 outbound traffic:

 iptables -t filter -A OUTPUT -p tcp -d 192.168.10.2 --dport 80 -j ACCEPT 

Regards,
                                              -- Yann.
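
A simplified model of which nat and filter chains the connections in this thread traverse, as an added example that is not part of the original messages. The packets are constructed, the `-i ! $DMZIF` match is left out, and the third case places the DNAT rule in the nat OUTPUT chain, which is an assumption beyond what the thread shows.

```python
from dataclasses import dataclass, replace

FW_ADDRS = {"10.10.10.12", "192.168.10.1"}  # firewall addresses from the thread
WEB = "192.168.10.2"                        # DMZ web server from the thread

@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int
    local: bool  # True: generated by a process on the firewall itself

def dnat_web(pkt):
    """DNAT from the thread: TCP port 80 is rewritten to the web server."""
    return replace(pkt, dst=WEB) if pkt.dport == 80 else pkt

def allow_web(pkt):
    """Filter rule from the thread: accept TCP to 192.168.10.2 port 80."""
    return pkt.dst == WEB and pkt.dport == 80

def traverse(pkt, nat_prerouting=(), nat_output=(), forward=(), output=()):
    """Assumes policy DROP on FORWARD and OUTPUT, and that traffic to the
    firewall's own addresses is accepted. Returns (chains visited, verdict)."""
    # Locally generated packets enter at OUTPUT and never reach PREROUTING.
    chains = ["nat/OUTPUT" if pkt.local else "nat/PREROUTING"]
    for rule in (nat_output if pkt.local else nat_prerouting):
        pkt = rule(pkt)
    to_fw = pkt.dst in FW_ADDRS
    if pkt.local:
        chains.append("filter/OUTPUT")  # filter sees the post-DNAT destination
        if not to_fw and not any(r(pkt) for r in output):
            return chains, "dropped in OUTPUT"
    elif not to_fw:
        chains.append("filter/FORWARD")
        if not any(r(pkt) for r in forward):
            return chains, "dropped in FORWARD"
    if to_fw:
        chains.append("filter/INPUT")
        return chains, "delivered to the firewall's own port %d" % pkt.dport
    chains.append("nat/POSTROUTING")
    return chains, "sent to %s:%d" % (pkt.dst, pkt.dport)

def scenarios():
    lan = Packet("10.10.10.12", 80, False)  # constructed: client on the LAN
    own = Packet("10.10.10.12", 80, True)   # constructed: firewall to its own address
    thread = dict(nat_prerouting=[dnat_web], forward=[allow_web], output=[allow_web])
    return {"lan": traverse(lan, **thread),
            "own": traverse(own, **thread),
            "own_nat_output": traverse(own, nat_output=[dnat_web], output=[allow_web])}
```

In the `own` case the destination is never rewritten, so the connection lands on the firewall's own port 80; with no listener there, the result is the "connection refused" reported in the thread.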


