[NTLUG:Discuss] Port forwarding question

bkontr bkontr at yahoo.com
Wed Jun 4 19:19:48 CDT 2003


Paul Drew wrote:
> Howdy,
> I am now on board the new comcast system via attbi transfer, and I have 
> no issues at all with ports being blocked. I have been running a 
> webserver out of my house since mid 1999 back with excite at home. I have 
> been pretty fortunate overall, because I have been through all those 
> transfers of service with really not any downtime and performance has 
> actually been increased since then. So far everything I have tried with 
> comcast is fine. All ports seem to be clear and open, in Flower Mound that 
> is. :) Good luck to you though sir.
> 
> Paul Drew
> 
> 

Hey Paul,

Thanks for the tip. I don't think port 80 is blocked either, but I just 
wasn't sure. You wouldn't happen to know if my iptables statements 
(below) are correct, would you? Getting the firewall to cooperate has 
been a bear and I'm running out of ideas on how to forward incoming port 
80 requests to my Apache machine on the internal network.  If you could 
possibly suggest ways to test my firewall configuration, I'd also be 
grateful.

Many Thanks,

Brian



>> INTIF1=Internal Network Interface 1
>> EXTIF=External Network Interface
>> HTTP= The IP of the Apache server
>> COMCAST= The DHCP leased IP from Comcast
>>
>> $IPTABLES -A FORWARD -p tcp -i $EXTIF -o $INTIF1 -d $HTTP \
>>     --destination-port 8080 --source-port 1024:65535 -m state --state NEW \
>>     -j ACCEPT
>>
>> $IPTABLES -A FORWARD -t filter -i $INTIF1 -m state --state \
>>     NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>> $IPTABLES -A FORWARD -t filter -i $EXTIF -m state --state \
>>     NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>> $IPTABLES -t nat -A PREROUTING -p tcp -i $EXTIF -d $COMCAST \
>>     --destination-port 8080 --source-port 1024:65535 -j DNAT --to $HTTP
>>
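
One offline way to test the four quoted rules before touching the live firewall, as an added example that is not part of the original post: a simplified first-match model that traces a new inbound TCP connection through PREROUTING and FORWARD. The interface names, the addresses, the DROP policy, the routing shortcut and the helper names (parse, matches, trace) are assumptions made for illustration.

```python
# Constructed sample values; the post gives only the variable names.
ENV = {"$IPTABLES": "iptables", "$EXTIF": "eth0", "$INTIF1": "eth1",
       "$HTTP": "192.168.1.10", "$COMCAST": "203.0.113.5"}
RULES = """
$IPTABLES -A FORWARD -p tcp -i $EXTIF -o $INTIF1 -d $HTTP --destination-port 8080 --source-port 1024:65535 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -t filter -i $INTIF1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -t filter -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -i $EXTIF -d $COMCAST --destination-port 8080 --source-port 1024:65535 -j DNAT --to $HTTP
"""  # the four rules from the post, joined one per line

def parse(text):
    """Each command becomes {option: value}; every option used here takes one argument."""
    rules = []
    for line in text.strip().splitlines():
        toks = [ENV.get(t, t) for t in line.split()][1:]   # drop the iptables word
        rules.append(dict(zip(toks[0::2], toks[1::2])))
    return rules

def matches(r, p):
    """Simplified match: an option the rule does not set matches any packet."""
    lo, _, hi = r.get("--source-port", "0:65535").partition(":")
    return (r.get("-p", p["proto"]) == p["proto"]
            and r.get("-i", p["in"]) == p["in"]
            and r.get("-o", p["out"]) == p["out"]
            and r.get("-d", p["dst"]) == p["dst"]
            and int(r.get("--destination-port", p["dport"])) == p["dport"]
            and int(lo) <= p["sport"] <= int(hi)
            and p["state"] in r.get("--state", p["state"]).split(","))

def trace(dst, dport, sport=40000):
    """Follow one NEW TCP packet from outside; returns (final dst, verdict, FORWARD rule no.)."""
    rules = parse(RULES)
    p = {"proto": "tcp", "in": ENV["$EXTIF"], "out": None, "dst": dst,
         "dport": dport, "sport": sport, "state": "NEW"}
    for r in rules:
        if r.get("-t") == "nat" and r["-A"] == "PREROUTING" and matches(r, p):
            p["dst"] = r["--to"]          # DNAT without a port keeps dport unchanged
            break
    if p["dst"] == ENV["$COMCAST"]:
        return p["dst"], "INPUT", None    # addressed to the firewall itself
    p["out"] = ENV["$INTIF1"]             # assumption: all other traffic routes inside
    for n, r in enumerate([r for r in rules if r["-A"] == "FORWARD"], 1):
        if matches(r, p):
            return p["dst"], r["-j"], n
    return p["dst"], "DROP", None         # assumption: FORWARD policy is DROP

if __name__ == "__main__":
    for dst, port in [(ENV["$COMCAST"], 80), (ENV["$COMCAST"], 8080), ("192.168.1.20", 22)]:
        print(dst, port, "->", trace(dst, port))
```

In this model a connection to port 80 is never rewritten and stays on the firewall, a connection to port 8080 is forwarded to the Apache address, and a new connection arriving on the external interface for any other internal address is accepted by the third FORWARD rule rather than dropped.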


