I think you are missing an ACCEPT for input traffic on port 81.
You can add logging messages or run tcpdump to see what traffic is being dropped.
Regards. Fernando.
Hello,
This is my firewall script:
sudo iptables -F
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22005 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
sudo iptables -L
I want to run it on Raspbian, which is behind my home router. I forwarded all incoming traffic from my router to the RPi using the DMZ function (NAT 1:1).
The "-A INPUT" part of the script works! :) I can access only 22005 and 80 from the Internet, and every other port from the LAN subnet and the lo interface. The thing is that the port forwarding part isn't working :(
sudo iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
I want to redirect port 81 of my RPi to port 80 on my home PC (web server). I found this on Google.
Of course I also enabled IPv4 forwarding in sysctl:
sudo sysctl -w net.ipv4.ip_forward=1
And am I dropping the packets correctly, or should I use a default policy instead? This way is simpler to understand. Is there something that I am doing wrong in this script?
--
Best regards,
Aleksander Kurczyk
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/DUB125-W47A470A9D5966F19A1CF9CDA9C0@phx.gbl
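The following is an added example, not the script from either message above. It shows the shape of a DNAT port forward that is consistent with how netfilter routes the packet: a packet rewritten by DNAT in nat/PREROUTING is routed rather than delivered locally, so it is checked by the FORWARD chain, not INPUT, and the FORWARD rule has to match the post-DNAT destination. In the posted script the DNAT target is 192.168.1.2 while the FORWARD rule accepts 192.168.1.10, so the two never line up; the example also flushes the nat table (a bare -F only clears the filter table, so re-running the posted script stacks up PREROUTING rules), allows the reply direction in FORWARD, rate-limited LOG rules for the dropped traffic the reply suggests inspecting, and a MASQUERADE rule so that replies from the PC come back through the Pi when the PC's default gateway is the home router rather than the Pi. The interface name eth0, the LAN 192.168.0.0/24 and the PC address 192.168.1.2 are taken from or assumed around the posted script, not known facts about this network; IPv4 forwarding is assumed to be enabled as in the post. The check_dnat_forward helper and the preview mode are part of this example, not iptables features.

```shell
#!/bin/sh
# Added example, not the script from the thread. Assumptions (not stated on the
# page): the Pi's upstream interface is eth0, the home PC running the web server
# is 192.168.1.2 (the DNAT target in the posted script) and the trusted LAN is
# 192.168.0.0/24 (the INPUT rule in the posted script).
IPT="${IPT:-iptables}"             # set IPT=echo to print the rules instead of loading them
WAN_IF="${WAN_IF:-eth0}"           # assumed interface facing the home router
LAN_NET="${LAN_NET:-192.168.0.0/24}"
WEB_PC="${WEB_PC:-192.168.1.2}"    # assumed address of the home PC
PUBLIC_PORT=81                     # port exposed on the Pi
TARGET_PORT=80                     # port of the web server on the PC

apply_rules() {
    # Flush the filter AND the nat table; a bare -F leaves old PREROUTING rules
    # behind, so repeated runs would accumulate stale DNAT entries.
    $IPT -F
    $IPT -t nat -F
    # Default-deny policies: anything not explicitly accepted below is dropped,
    # which replaces the trailing "-A INPUT -j DROP" rule and also covers FORWARD.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # INPUT: traffic addressed to the Pi itself.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -s "$LAN_NET" -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22005 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT
    # Log (rate-limited) what is about to be dropped so dmesg shows why a
    # connection failed; the policy DROP then applies.
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-INPUT-DROP: "

    # NAT: rewrite public port 81 to the PC's port 80 before the routing decision.
    $IPT -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$PUBLIC_PORT" \
        -j DNAT --to-destination "$WEB_PC:$TARGET_PORT"
    # If the PC's default gateway is the home router rather than the Pi, its
    # replies would bypass the Pi and never be un-NATed; rewriting the source
    # to the Pi's address forces replies back through the Pi (the PC's web logs
    # then show the Pi's address instead of the real client).
    $IPT -t nat -A POSTROUTING -p tcp -d "$WEB_PC" --dport "$TARGET_PORT" -j MASQUERADE

    # FORWARD: DNAT-ed packets are routed, not delivered locally, so they pass
    # through FORWARD (not INPUT). The rule must match the post-DNAT destination,
    # i.e. the same host as the DNAT target, and replies must be allowed back.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -p tcp -d "$WEB_PC" --dport "$TARGET_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "IPT-FWD-DROP: "
}

# Consistency check on a printed rule list (IPT=echo): every DNAT target host
# must also be accepted by a FORWARD rule. This is exactly the mismatch in the
# posted script (DNAT to 192.168.1.2, FORWARD for 192.168.1.10). Returns 0 when
# every DNAT target has a matching FORWARD rule, 1 otherwise.
check_dnat_forward() {
    rules="$1"
    printf '%s\n' "$rules" | grep -- '-j DNAT' |
        sed 's/.*--to-destination \([0-9.]*\):.*/\1/' |
        while read -r host; do
            # exit only leaves the pipeline's subshell; its status is the function's
            printf '%s\n' "$rules" | grep -q -- "-A FORWARD .* -d $host " || exit 1
        done
}

# Usage: "sh fw.sh preview" prints and checks the rules; "sudo sh fw.sh apply" loads them.
case "${1:-}" in
    apply)
        apply_rules ;;
    preview)
        IPT=echo
        rules=$(apply_rules)
        printf '%s\n' "$rules"
        check_dnat_forward "$rules" && echo "DNAT targets and FORWARD rules are consistent" ;;
esac
```

Run the preview mode first; it exercises the same functions with echo in place of iptables, so a mismatch between the DNAT target and the FORWARD destination is caught before any rule is loaded. Even with the rules consistent, the forward still depends on the 1:1 NAT on the home router actually delivering port 81 to the Pi, which is outside what this script can check.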