Hi,
Here is a part of a solution that I implemented with success. The basic
action is to DROP for INPUT, OUTPUT, FORWARD, home-made chains, ...
I think that you forgot the POSTROUTING rule in your implementation.

# DNAT OR NOT THE WWW PORT (80)
  if [ ${DNAT_WWW_PORT} = TRUE ] ; then
    ${IPTABLES} -t nat -I PREROUTING   -p TCP -i $INET_IFACE -s 0/0 -d $INET_IP --dport www       -j DNAT   --to $WWW_IP
    ${IPTABLES}        -I forward_eth1 -p TCP -i $INET_IFACE -o $LAN_IFACE -d $WWW_IP  --dport $WWW_PORT -j ACCEPT
    ${IPTABLES} -t nat -I POSTROUTING  -p TCP -o $LAN_IFACE  -s 0/0 -d $WWW_IP  --dport www       -j ACCEPT
    echo "DNAT the www port connections from $INET_IFACE interface to $WWW_IP ..."
[...]
# $LAN_IFACE (eth1) -> $INET_IFACE (eth0)
${IPTABLES} -A forward_eth0 -m state --state ESTABLISHED,RELATED      -j ACCEPT

Jean-Robert WIAME               email: [EMAIL PROTECTED]
BELGIUM
--


-----Original Message-----
From: Scott Adamson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 20 March 2002 04:36
To: [EMAIL PROTECTED]
Subject: Trying to forward port 80 to an internal server


I have been trying to forward port 80 requests to a second machine. The
firewall machine runs Redhat 7.2, with the default kernel which I think is
2.4.10. It contains two network interfaces, eth0 which is assigned a
routable internet address, and eth1 which is assigned an internal
non-routable address. I have confirmed that the firewall is accepting port
80 requests on the external interface, as I can successfully run Apache on
it without the firewall running. After the iptables script has been
executed, port 80 requests are not returned at all, indicating that the request
went somewhere. Could someone please assist, as I have read the howtos,
manuals and Robert Ziegler's latest edition of 'Linux Firewalls', but I'm
getting nowhere. I have included the entire script below; any assistance
would be greatly appreciated.
[...cut...]
    #################################################################################
    #   Default chains section                                                      #
    #################################################################################

    #Allow all, then selective allows then drop everything else
    $IPTABLES -P INPUT ACCEPT 
    $IPTABLES -P FORWARD ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
        
    #echo "Enabling PORTFW Redirection on the external LAN.."
    #
    #   This will forward ALL port 80 traffic from the external IP address
    #   to port 80 on the 192.168.0.60 machine
    #
    #
    PORTFWIP="192.168.0.60"

    $IPTABLES -t nat -A PREROUTING -i $EXTERNAL_INTERFACE -p tcp --sport 1024:65535 -d $IPADDR --dport 80 -j DNAT --to-destination $PORTFWIP
    $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -p tcp --sport 1024:65535 -d $PORTFWIP --dport 80 -m state --state NEW -j ACCEPT
    $IPTABLES -A FORWARD -i $INTERNAL_INTERFACE -o $EXTERNAL_INTERFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $EXTERNAL_INTERFACE -o $INTERNAL_INTERFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
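An added example, not code from either poster, that puts together the three pieces discussed in this thread (the PREROUTING DNAT, the FORWARD rule for new connections to the server, and the ESTABLISHED,RELATED return rule) on top of the default-DROP policies Jean-Robert recommends. Interface names and addresses are constructed placeholders; the script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit the iptables rules that forward TCP/80 arriving on the
# Internet interface to an internal web server, with default-DROP policies.
# Values below are constructed placeholders; override them via the environment.
# The script prints the commands; review them, then apply with:
#   sh this_script.sh | sudo sh
INET_IFACE="${INET_IFACE:-eth0}"
LAN_IFACE="${LAN_IFACE:-eth1}"
INET_IP="${INET_IP:-203.0.113.10}"   # public address on eth0 (documentation range)
WWW_IP="${WWW_IP:-192.168.0.60}"     # internal web server
WWW_PORT="${WWW_PORT:-80}"

# Print one iptables command line instead of executing it.
rule() { echo "iptables $*"; }

www_dnat_rules() {
    # Forwarding must be on in the kernel, or nothing leaves the firewall.
    echo "sysctl -w net.ipv4.ip_forward=1"

    # Default deny: anything the rules below do not allow is dropped, so a
    # missing rule shows up as a refused connection rather than an open path.
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT DROP

    # 1. Rewrite the destination before routing, so the packet is forwarded
    #    to the web server instead of being delivered to the firewall itself.
    rule -t nat -A PREROUTING -i "$INET_IFACE" -p tcp -d "$INET_IP" \
        --dport 80 -j DNAT --to-destination "$WWW_IP:$WWW_PORT"

    # 2. FORWARD sees the rewritten destination: admit only new connections
    #    to the server's port, nothing else from the outside.
    rule -A FORWARD -i "$INET_IFACE" -o "$LAN_IFACE" -p tcp -d "$WWW_IP" \
        --dport "$WWW_PORT" -m state --state NEW -j ACCEPT

    # 3. Tracked traffic in both directions. With FORWARD set to DROP, leaving
    #    this out lets the SYN reach the server but drops the SYN/ACK on the
    #    way back, so the client sees no reply at all.
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

www_dnat_rules
```

Note that ACCEPT as a target in the nat table only stops further nat-table traversal; it rewrites nothing, so the return path is handled by connection tracking and the ESTABLISHED,RELATED rule in filter/FORWARD.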
