Old 02-14-2013, 12:31 PM   #1
iptables and port forwarding - Inside the firewall

Hi, we run an Ubuntu firewall here and I am trying to configure port forwarding to allow our SharePoint site to be accessible from outside the building.

I need both port 80 and 443 (SSL) to be active.

sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to <internal_ip>:80
sudo iptables -A FORWARD -i eth1 -p tcp --dport 80 -d <internal_ip> -j ACCEPT
sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j DNAT --to <internal_ip>:443
sudo iptables -A FORWARD -i eth1 -p tcp --dport 443 -d <internal_ip> -j ACCEPT

This works for computers OUTSIDE our firewall. When I bring up my domain name from home, I get our SharePoint site.

When I try to access the site from inside our network using either the domain name or external IP address, I keep getting the default Apache page installed on the firewall. Is there something I'm missing here?

Last edited by LostInDaJungle; 02-14-2013 at 01:58 PM. Reason: Web Server was still on... My bad. Removed that line
Old 02-14-2013, 04:29 PM   #2
Ser Olmy
Traffic from the inside won't match any of the iptables rules because of the "-i eth1" parameter.

Even though the public IP is bound to eth1, accessing that IP via another interface happens without routing. You can reach all IP addresses on a system via any of its interfaces.

Note that even if you add PREROUTING rules for traffic from the inside network, the NATed connection will fail if the clients and the SharePoint server are on the same IP subnet.
Old 02-22-2013, 07:35 AM   #3
Original Poster
Resolved it

iptables -t nat -A PREROUTING -d <external ip> -p tcp --dport 80 -j DNAT --to <internal ip>:80
iptables -A FORWARD -p tcp --dport 80 -d <internal ip> -j ACCEPT
iptables -t nat -A PREROUTING -d <external ip> -p tcp --dport 443 -j DNAT --to <internal ip>:443
iptables -A FORWARD -p tcp --dport 443 -d <internal ip> -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp --dport 80 -d <internal ip> -s 10.100.XX.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp --dport 443 -d <internal ip> -s 10.100.XX.0/24 -j MASQUERADE

These rules allow me to access the server from outside and inside the firewall.

The problem I ran into was that simply removing the "-i eth1" caused all traffic bound for port 80 (or 443) to be rerouted to the internal server. So if a client requested, he ended up getting routed to the internal IP. Adding the -d switch reroutes any traffic bound for one IP on port 80 (or 443) to the internal server.

Last edited by LostInDaJungle; 02-22-2013 at 07:40 AM.
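
The behaviours discussed in this thread, traced as a small packet-flow model (an added example, not code from any poster). The addresses, the eth0 LAN interface name and the function names are constructed for illustration, and the model assumes the server's default gateway is the firewall.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses; the thread elides the real ones.
EXT_IP = ip_address("203.0.113.10")  # public address bound to eth1
FW_LAN = ip_address("10.100.1.1")    # firewall's LAN-side address (eth0 assumed)
SERVER = ip_address("10.100.1.20")   # internal web server
LAN = ip_network("10.100.1.0/24")    # clients and server share this subnet

def dnat(in_if, dst, match):
    """PREROUTING: return the destination after the DNAT rule is evaluated."""
    if match == "iface":              # -i eth1 (rules in the first post)
        return SERVER if in_if == "eth1" else dst
    if match == "dst":                # -d <external ip> (resolved rules)
        return SERVER if dst == EXT_IP else dst
    return SERVER                     # neither -i nor -d: every port-80 packet

def trace(client, in_if, dst, match, masquerade):
    """Follow one TCP connection to port 80 and name the outcome."""
    client, dst = ip_address(client), ip_address(dst)
    new_dst = dnat(in_if, dst, match)
    if new_dst == dst:
        # Not rewritten: delivered locally if addressed to the firewall itself.
        return "firewall-local" if dst in (EXT_IP, FW_LAN) else "forwarded-unchanged"
    # POSTROUTING: -s <LAN> -d <server> -j MASQUERADE rewrites the source.
    src = FW_LAN if masquerade and client in LAN else client
    if src in LAN and src != FW_LAN:
        # The server answers the client directly on the shared subnet, so the
        # reply carries SERVER as its source and is never un-NATed back to dst.
        return "reply-mismatch"
    # The reply returns through the firewall, which reverses the NAT.
    return "ok" if dst == EXT_IP else "misdirected"

if __name__ == "__main__":
    inside, outside, other = "10.100.1.55", "198.51.100.50", "198.51.100.7"
    cases = [
        (outside, "eth1", str(EXT_IP), "iface", False),  # first post, from home
        (inside, "eth0", str(EXT_IP), "iface", False),   # first post, from the LAN
        (inside, "eth0", str(EXT_IP), "dst", False),     # DNAT only, same subnet
        (inside, "eth0", str(EXT_IP), "dst", True),      # resolved rule set
        (inside, "eth0", other, "none", True),           # "-i eth1" simply removed
    ]
    for case in cases:
        print(case, "->", trace(*case))
```

With the MASQUERADE rules in place the web server sees the firewall's LAN address as the source of every internal request, so its access log no longer distinguishes internal clients.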

