|
how to port forward
I set up a raspberry as vpn gateway. I would like now to forward all the packets from vpn port 80 interface tun0 to a local pc connected to the local lan eth0 with local ip of 192.168.1.250 port 80. Could someone give me the right iptables rule?
I tryied with no solution all this differents set SET 1 sudo iptables -I FORWARD -i tun0 -p udp -d 192.168.1.250 --dport 80 -j ACCEPT sudo iptables -I FORWARD -i tun0 -p tcp -d 192.168.1.250 --dport 80 -j ACCEPT sudo iptables -t nat -I PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.250 sudo iptables -t nat -I PREROUTING -i tun0 -p udp --dport 80 -j DNAT --to-destination 192.168.1.250 SET2 sudo iptables -A FORWARD -i tun0 -o eth0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT sudo iptables -A FORWARD -i tun0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i eth0 -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.250 SET3 sudo iptables -t nat -A POSTROUTING --out-interface eth0 -j MASQUERADE sudo iptables -A FORWARD --in-interface tun0 -j ACCEPT sudo iptables -t nat -A PREROUTING -p tcp -i tun0 -m tcp --dport 80 -j DNAT --to-destination 192.168.1.250:80 Base case (no modification) iptables are: # Generated by iptables-save v1.4.21 on Sun May 1 14:26:26 2016 *filter :INPUT ACCEPT [290:31586] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [110:8444] -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth0 -o tun0 -j ACCEPT -A OUTPUT -o tun0 -m comment --comment vpn -j ACCEPT -A OUTPUT -o eth0 -p icmp -m comment --comment icmp -j ACCEPT -A OUTPUT -d 192.168.1.0/24 -o eth0 -m comment --comment lan -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 443 -m comment --comment openvpn -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m comment --comment ssh -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 123 -m comment --comment ntp -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 53 -m comment --comment dns -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -m comment --comment dns -j ACCEPT -A OUTPUT -o eth0 -j DROP COMMIT # Completed on Sun May 1 14:26:26 2016 # Generated by iptables-save v1.4.21 on Sun May 1 14:26:26 2016 *nat :PREROUTING ACCEPT [44:5055] :INPUT ACCEPT [41:4580] :OUTPUT ACCEPT [55:5869] :POSTROUTING ACCEPT [41:2931] -A POSTROUTING -o tun0 -j MASQUERADE COMMIT # Completed on Sun May 1 14:26:26 2016 |
hackmaster,
In Linux I'm used to forwarding being disabled by default and having to be enabled, such as by: Code:
echo 1 > /proc/sys/net/ipv4/ip_forwardDid you enable forwarding? |
how to port forward
Another way that is persistent between reboot:
Edit /etc/sysctl.conf as root and add to the end Code:
Code:
sysctl -p |
| All times are GMT -5. The time now is 05:13 AM. |