port forwarding trials and tribulations
I got my firewall working satisfactorily, or so it seems, but I cannot get port forwarding to my internal 192.168.254.200 www machine to work. This is my iptables script. Internet is eth0 and my LAN is eth1. Any help would be greatly, greatly appreciated. Thanks, BenG.
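#!/usr/bin/env bash
# Firewall and port-forwarding rules for a two-interface gateway:
# the Internet side is eth0, the LAN side is eth1, and inbound TCP/80
# arriving on eth0 is DNATed to the internal www host.
# Kernel settings have been set in /etc/sysctl.conf
set -euo pipefail

readonly IPT=/sbin/iptables
# Interfaces and the forwarded host; defaults match the original script,
# override through the environment if the layout changes.
wan_if=${WAN_IF:-eth0}
lan_if=${LAN_IF:-eth1}
www_host=${WWW_HOST:-192.168.254.200}

# Reset: flush rules, delete user chains and zero counters in every table
for table in filter nat mangle; do
  "$IPT" -t "$table" -F
  "$IPT" -t "$table" -X
  "$IPT" -t "$table" -Z
done

# Set Policies
"$IPT" -P INPUT DROP
"$IPT" -P OUTPUT ACCEPT
"$IPT" -P FORWARD DROP

# Allow self access by loopback interface
"$IPT" -A INPUT -i lo -j ACCEPT
# Accept Established Connections
"$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept New Internal Connections (anything not arriving on the WAN side).
# "! -i" is the negation spelling accepted by both old and current iptables;
# the older "-i ! eth0" form is rejected by newer releases.
"$IPT" -A INPUT -m state --state NEW ! -i "$wan_if" -j ACCEPT

# Set up IP FORWARDing
# Reply traffic for any already-tracked connection, in either direction,
# so DNATed www replies and LAN-originated replies are both covered.
"$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN may initiate anything towards the Internet
"$IPT" -A FORWARD -i "$lan_if" -o "$wan_if" -j ACCEPT
# Port Forwarding is enabled, so accept forwarded traffic for my www.
# DNAT in PREROUTING has already rewritten the destination by the time the
# packet reaches FORWARD, so this rule matches the internal address, and
# it is pinned to the LAN-facing interface where that host lives.
"$IPT" -A FORWARD -i "$wan_if" -o "$lan_if" -p tcp --dport 80 -d "$www_host" \
  -m state --state NEW -j ACCEPT

# Port Forwarding for my www
"$IPT" -t nat -A PREROUTING -i "$wan_if" -p tcp --dport 80 -j DNAT \
  --to-destination "$www_host"
# Set up IP Masquerading
"$IPT" -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE

# NOTE(review): DNAT only completes if the www host routes its replies back
# through this firewall (its LAN-side address as default gateway) — confirm
# on the www host if forwarding still fails.
# sysctl.conf is normally applied only at boot; verify the live value, since
# DNAT without routing enabled silently does nothing.
if [[ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" != "1" ]]; then
  printf 'warning: net.ipv4.ip_forward is not 1; forwarding to %s will fail\n' \
    "$www_host" >&2
fi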