[NTLUG:Discuss] Port forwarding question
Richard Humphrey
richard at multicam.com
Thu Jun 5 09:42:06 CDT 2003
I finally got so fed up with Shorewall messing up my Samba stuff that I
just went out and bought a $60 broadband router. It has built-in NAT and
blocks everything by default unless I specify it to be opened. I
understand why people want to use Linux firewalls but for sanity's sake
I broke down and got the DSL router. lol
-----Original Message-----
From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On Behalf Of bkontr
Sent: Wednesday, June 04, 2003 7:20 PM
To: discuss at ntlug.org
Subject: Re: [NTLUG:Discuss] Port forwarding question
Paul Drew wrote:
> Howdy,
> I am now on board the new comcast system via attbi transfer, and I have
> no issues at all with ports being blocked. I have been running a
> webserver out of my house since mid 1999 back with excite@home. I have
> been pretty fortunate overall, because I have been through all those
> transfers of service with really not any downtime and performance has
> actually been increased since then. So far everything I have tried with
> comcast is fine. All ports seem to be clear and open in FlowerMound that
> is. :) Good luck to you though sir.
>
> Paul Drew
>
>
Hey Paul,
Thanks for the tip. I don't think port 80 is blocked either, but I just
wasn't sure. You wouldn't happen to know if my iptables statements
(below) are correct, would you? Getting the firewall to cooperate has
been a bear and I'm running out of ideas on how to forward incoming port
80 requests to my Apache machine on the internal network. If you could
possibly suggest ways to test my firewall configuration, I'd also be
grateful.
Many Thanks,
Brian
>> INTIF1=Internal Network Interface 1
>> EXTIF=External Network Interface
>> HTTP= The IP of the Apache server
>> COMCAST= The DHCP leased IP from Comcast
>>
>> $IPTABLES -A FORWARD -p tcp -i $EXTIF -o $INTIF1 -d $HTTP \
>>   --destination-port 8080 --source-port 1024:65535 -m state --state NEW \
>>   -j ACCEPT
>>
>> $IPTABLES -A FORWARD -t filter -i $INTIF1 -m state --state \
>>   NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>> $IPTABLES -A FORWARD -t filter -i $EXTIF -m state --state \
>>   NEW,ESTABLISHED,RELATED -j ACCEPT
>>
>> $IPTABLES -t nat -A PREROUTING -p tcp -i $EXTIF -d $COMCAST \
>>   --destination-port 8080 --source-port 1024:65535 -j DNAT --to $HTTP
>>
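
One way to act on the request above for ways to test the firewall configuration, added here as an example and not part of anyone's message: a static check that lists FORWARD rules accepting NEW connections from the external interface with no destination address or port limit. The interface names eth0/eth1 and the addresses are constructed stand-ins for $EXTIF, $INTIF1, $HTTP and $COMCAST.

```shell
#!/bin/sh
# Added example: static check of FORWARD rules used with a DNAT port forward.
# All interface names and addresses are constructed sample values.

# The four quoted rules with sample values substituted (constructed input):
# eth0 = $EXTIF, eth1 = $INTIF1, 192.168.1.10 = $HTTP, 198.51.100.7 = $COMCAST
sample_rules() {
cat <<'EOF'
-A FORWARD -p tcp -i eth0 -o eth1 -d 192.168.1.10 --destination-port 8080 --source-port 1024:65535 -m state --state NEW -j ACCEPT
-A FORWARD -t filter -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-t nat -A PREROUTING -p tcp -i eth0 -d 198.51.100.7 --destination-port 8080 --source-port 1024:65535 -j DNAT --to 192.168.1.10
EOF
}

# broad_forward_rules EXTIF
# Reads one rule per line on stdin and prints "lineno: rule" for every
# filter-table FORWARD rule that ACCEPTs traffic arriving on EXTIF, matches
# state NEW (or has no state match at all), and has no destination address
# or destination port restriction.
broad_forward_rules() {
  awk -v ext="$1" '
  {
    table = "filter"; chain = ""; inif = ""; state = ""; target = ""; limited = 0
    for (i = 1; i < NF; i++) {
      if ($i == "-t") table = $(i + 1)
      else if ($i == "-A") chain = $(i + 1)
      else if ($i == "-i") inif = $(i + 1)
      else if ($i == "--state") state = $(i + 1)
      else if ($i == "-j") target = $(i + 1)
      else if ($i == "-d" || $i == "--dport" || $i == "--destination-port") limited = 1
    }
    allows_new = (state == "" || index("," state ",", ",NEW,") > 0)
    if (table == "filter" && chain == "FORWARD" && inif == ext &&
        target == "ACCEPT" && allows_new && !limited)
      print NR ": " $0
  }'
}

# Run the check over the sample rules, treating eth0 as the external side.
sample_rules | broad_forward_rules eth0
```

On the sample input it prints rule 3, which accepts NEW connections arriving on the external interface for any destination and port.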