I am trying to forward all incoming internet/LAN requests on port 80 to my local machine (running Apache). The current iptables rules work (they forward incoming internet traffic to my desktop), but if I try to access it from my local network it won't work.
The interface connecting my Ubuntu server to the internet is ppp0 (a dialed DSL connection through my router, which is in bridge mode), which is connected to eth0; eth1 is connected to my internal LAN.
iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.0 -o ppp0 -j MASQUERADE
iptables -A INPUT -i ppp0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#port forwarding
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j DNAT --to-destination 192.168.2.2:80
iptables -A FORWARD -i ppp0 -p tcp --dport 80 -j ACCEPT
Also tested with:
iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 -j DNAT --to-destination 192.168.2.2:80
No luck there either.
What I was able to gather so far (via logs) is that accessing the external server IP directly from the LAN goes directly to eth1, which is understandable (I think).
So what I need now (I guess) is a rule that will forward the LAN traffic on eth1 without interfering with the ppp0 prerouting rule (as forwarding all the incoming traffic on eth1 to my local machine will break the internet connection).
It is a bit difficult to follow your problem description. You have an Ubuntu server connected to the router? And you wish to use iptables to only forward incoming connections to port 80? – bbaja42 – 2011-07-02T14:53:20.760
Yeah, pretty much. The "basic" port forwarding works (incoming internet traffic on port 80 is getting forwarded properly), but when I type my external IP into the browser, the connection won't be forwarded and I will just see the error screen. – Stef – 2011-07-02T15:04:27.543
Idea 1: try accessing your external IP through a proxy. Idea 2: include logging in the iptables. – bbaja42 – 2011-07-02T15:17:08.260
Good idea with the proxy. Well, as I stated above, the traffic gets forwarded properly (I can see my Apache website with the proxy), but I simply can't access it via my external IP. The problem must be in my iptables port forwarding (in the code braces above) :( – Stef – 2011-07-02T18:48:45.720
Could it be that, when you are accessing the external IP, you are actually using the loopback interface? So adding lo to the port forwarding might solve the issue. – bbaja42 – 2011-07-02T19:10:10.850
I tried adding iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 -j DNAT --to-destination 192.168.2.2:80 if that's what you meant; no luck there. It's interesting because I would have thought that by at least typing 192.168.2.1 (which is the local server IP) it should get forwarded, yet still nothing :( – Stef – 2011-07-02T22:22:30.317
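
The rule asked for at the end of the question (LAN traffic arriving on eth1 for the external address, without touching other port-80 traffic) is commonly called hairpin NAT. The script below is an added example, not from the original thread: it only prints such rules for review, using the interface and addresses from the question; 203.0.113.10 is a constructed stand-in for the ppp0 address and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints hairpin-NAT rules for review; it applies nothing.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so that
# nothing but an address can end up inside the generated commands.
# The body is a subshell, so the IFS change does not leak to the caller.
is_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# hairpin_rules WAN_IP: print rules for LAN clients that use the external address.
hairpin_rules() {
    wan_ip=$1               # current ppp0 address (changes on each DSL dial-up)
    lan_if=eth1             # LAN interface, from the question
    lan_net=192.168.2.0/24  # same network as 192.168.2.0/255.255.255.0
    server=192.168.2.2      # Apache host, from the question
    port=80
    if ! is_ipv4 "$wan_ip"; then
        echo "invalid WAN address: $wan_ip" >&2
        return 1
    fi
    cat <<EOF
# 1. DNAT only LAN packets addressed to the external IP; other outbound port-80 traffic is untouched
iptables -t nat -A PREROUTING -i $lan_if -s $lan_net -d $wan_ip -p tcp --dport $port -j DNAT --to-destination $server:$port
# 2. Rewrite the source to the router's LAN address so the server replies via the router
iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -d $server -p tcp --dport $port -j MASQUERADE
# 3. Let the redirected connection and its replies cross the FORWARD chain
iptables -A FORWARD -i $lan_if -o $lan_if -s $lan_net -d $server -p tcp --dport $port -j ACCEPT
iptables -A FORWARD -i $lan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# 203.0.113.10 is a constructed documentation address standing in for ppp0's IP.
hairpin_rules "${1:-203.0.113.10}"
```

Because the first rule matches the ppp0 address, the rules have to be regenerated whenever the DSL session gets a new IP. With the MASQUERADE rule in place, Apache logs show the router's LAN address (192.168.2.1 in the question) for LAN visitors.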