I think you are missing a rule to accept input traffic from port 81.

You can add logging messages or run tcpdump to see what traffic is dropped.

Regards. Fernando.
On 14/02/2014 14:44, "Aleksander Kurczyk" <akurc...@outlook.com> wrote:

> Hello,
>
> This is my firewall script:
>
> sudo iptables -F
> sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
> sudo iptables -A INPUT -i lo -j ACCEPT
> sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
> sudo iptables -A INPUT -p tcp --dport 22005 -j ACCEPT
> sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> sudo iptables -A INPUT -j DROP
> sudo iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
> sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
> sudo iptables -L
>
> I want to run it on Raspbian which is behind my home router. I forwarded
> the whole incoming traffic from my router to the RPI using the DMZ function
> (NAT 1:1).
>
> The "-A INPUT" part of the script works! :) I can access only 22005 and 80
> from the Internet and every other port on the LAN subnet and lo interface.
> The thing is that the port forwarding part isn't working :(
>
> sudo iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
> sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
>
> I want to redirect port 81 of my RPI to my home PC's port 80 (web
> server). I found this in Google.
>
> Of course I also enabled IPv4 forwarding in sysctl:
>
> sudo sysctl -w net.ipv4.ip_forward=1
>
> And am I dropping the packets correctly or should I use default policy
> instead? This way is simpler to understand. Is there something that I am
> doing wrong in this script?
>
> --
> Best regards,
> Aleksander Kurczyk
>
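
The logging approach suggested in the reply, as an added example that is not part of the original thread: LOG rules placed around the quoted script's chains, and a summary of the kernel log lines they produce. The log prefixes, the rate limit, the Pi's address 192.168.0.5 and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example; prefixes, rate limit and sample lines are assumptions.

# Run as root on the firewall host after the quoted script (not called here).
install_log_rules() {
    # The catch-all DROP is rule 6 in INPUT, so insert the LOG rule before it.
    iptables -I INPUT 6 -m limit --limit 5/second -j LOG --log-prefix "INPUT-DROP: "
    # Appended after the FORWARD ACCEPT rule: logs forwarded packets it missed.
    iptables -A FORWARD -m limit --limit 5/second -j LOG --log-prefix "FWD-NOMATCH: "
    # Live alternative: tcpdump -ni any 'tcp port 81 or tcp port 80'
}

# Read kernel log lines on stdin; print "count prefix proto dst:dport".
summarize_drops() {
    awk '
    /(INPUT-DROP|FWD-NOMATCH): / {
        prefix = ""; proto = ""; dst = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(INPUT-DROP|FWD-NOMATCH):$/) prefix = substr($i, 1, length($i) - 1)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        count[prefix " " proto " " dst ":" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Constructed, abridged sample lines (not captured from a real host).
# DNAT in PREROUTING rewrites the destination before routing, so the
# FORWARD lines carry the translated DST and DPT.
sample_log() {
cat <<'EOF'
Feb 14 14:50:01 rpi kernel: [ 100.1] INPUT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.5 LEN=60 PROTO=TCP SPT=40000 DPT=23 SYN
Feb 14 14:50:02 rpi kernel: [ 101.2] INPUT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.5 LEN=60 PROTO=TCP SPT=40001 DPT=23 SYN
Feb 14 14:50:03 rpi sshd[812]: Accepted publickey for pi from 192.168.0.20
Feb 14 14:50:04 rpi kernel: [ 103.4] FWD-NOMATCH: IN=eth0 OUT=eth0 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 PROTO=TCP SPT=40002 DPT=80 SYN
Feb 14 14:50:05 rpi kernel: [ 104.5] FWD-NOMATCH: IN=eth0 OUT=eth0 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 PROTO=TCP SPT=40002 DPT=80 SYN
Feb 14 14:50:07 rpi kernel: [ 106.7] FWD-NOMATCH: IN=eth0 OUT=eth0 SRC=203.0.113.7 DST=192.168.1.2 LEN=60 PROTO=TCP SPT=40002 DPT=80 SYN
Feb 14 14:50:08 rpi kernel: [ 107.8] INPUT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.0.5 LEN=72 PROTO=UDP SPT=5353 DPT=5353
EOF
}

sample_log | summarize_drops
```

On a live host, feed the function from the kernel log instead, for example `dmesg | summarize_drops`.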