iptables + NAT + Port forwarding problem
Hi, I am having some trouble forwarding ports on my Gentoo router. Everything is working great except for the port forwarding. I figure it is probably a stupid mistake, but time is a factor here and I have not been able to come up with my own solution thus far. Any help would be greatly appreciated.
The goal: Forward external ports (eth0 12.215.xxx.xxx) to internal IP addresses (eth1 192.168.1.0/24). I am mainly concerned with port 80. My current script: Code:
#----Flush Old Rules----# |
SirGertrude,
Are you using a Gentoo Linux distribution, or another, such as RedHat? |
try
#iptables -t nat -I PREROUTING ... instead of #iptables -t nat -A PREROUTING .. |
yes, I am using Gentoo.
I tried using "iptables -t nat -I PREROUTING..." instead of "iptables -t nat -A PREROUTING..." and had no luck. Thanks for the idea. |
Port 80? Seems like you want to serve HTTP requests? Most ISPs block this port from the outside. Most of the time you can't get away with it. If you use a different port it should work.
|
I wondered that also... I set up a webserver on the router and allowed connections to port 80 and was able to connect. I also use ports 2-4 for other traffic, which I am unable to connect to. I am sure it is a problem with my configuration on the Linux box itself, but I cannot figure out where.
Thanks for the input. :) |
try http://iptables-script.dk/index1.php to make sure that the trouble is from iptables.
|
maxnut,
I went to the website you recommended and had a custom script created. It worked great! I moved several lines from my old script to the new one and it is running beautifully. I compared the two and the only difference I noticed was the default policy "iptables -P FORWARD DROP" in the working script and the order of the commands. I assume one of those issues was causing my problem. Thank you for the help. BTW... I would highly recommend http://iptables-script.dk/index1.php to others who are attempting to set up a NAT router. I wish I had known about it before I wasted all that time troubleshooting my script. |
He he, maxnut?? Who is that? My nick is maxut.
I am glad to hear that you solved your trouble. |
Perhaps your ISP is blocking access to port 80, to prevent you from running a webserver ...
I know over here in Belgium, my ISP blocks all ports below 1024; this is also done for security reasons. Try to run your webserver on a higher port, like 2080. You can also redirect your traffic, so you won't have to reconfigure your webserver. The requests are coming in at 2080, and are being redirected to your internal network to port 80. |
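The 2080-to-80 redirect from the last reply, combined with the `iptables -P FORWARD DROP` policy from the script that worked, as an added example that is not part of the thread. The internal host 192.168.1.10 and the function names are assumptions; `eth0` and the ports come from the posts. It runs as a dry run and prints the commands unless `IPT=iptables` is set.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# Set IPT=iptables and run as root to apply them.
IPT="${IPT:-echo iptables}"

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rules every forward depends on when the FORWARD policy is DROP.
forward_base() {
    $IPT -P FORWARD DROP
    # Replies belonging to connections that were already accepted.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# forward_port EXT_IF EXT_PORT INT_HOST INT_PORT (hypothetical helper)
forward_port() {
    ext_if=$1 ext_port=$2 int_host=$3 int_port=$4
    if ! valid_port "$ext_port" || ! valid_port "$int_port"; then
        echo "forward_port: bad port: $ext_port -> $int_port" >&2
        return 1
    fi
    # PREROUTING rewrites the destination before the routing decision.
    $IPT -t nat -A PREROUTING -i "$ext_if" -p tcp --dport "$ext_port" \
        -j DNAT --to-destination "$int_host:$int_port"
    # FORWARD sees the packet after DNAT, so it must match the internal
    # host and port (80), not the external port (2080).
    $IPT -A FORWARD -i "$ext_if" -p tcp -d "$int_host" --dport "$int_port" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Constructed values: 192.168.1.10 is an assumed web server on the LAN.
forward_base
forward_port eth0 2080 192.168.1.10 80
```

With a DROP policy on FORWARD, the DNAT rule alone is not enough: the matching FORWARD accept is what lets the rewritten packet through to the internal host.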