Hello,

This is my firewall script:

    sudo iptables -F
    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A INPUT -i lo -j ACCEPT
    sudo iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 22005 -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    sudo iptables -A INPUT -j DROP
    sudo iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
    sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
    sudo iptables -L

I want to run it on Raspbian, which is behind my home router. I forwarded all incoming traffic from my router to the RPI using the DMZ function (NAT 1:1).

The "-A INPUT" part of the script works! :) I can access only 22005 and 80 from the Internet, and every other port from the LAN subnet and the lo interface.

The thing is that the port forwarding part isn't working :(

    sudo iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
    sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT

I want to redirect port 81 of my RPI to port 80 of my home PC (web server). I found this on Google. Of course I also enabled IPv4 forwarding in sysctl:

    sudo sysctl -w net.ipv4.ip_forward=1

And am I dropping the packets correctly, or should I use the default policy instead? This way is simpler to understand.

Is there something that I am doing wrong in this script?

--
Best regards,
Aleksander Kurczyk
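
An added example, not part of the original post: a small Python check that parses the two forwarding rules quoted above and reports any DNAT target that no explicit FORWARD ACCEPT rule covers. The filter FORWARD chain sees the destination after DNAT has rewritten it; whether an uncovered target is actually dropped depends on the FORWARD policy, which the post does not show. The function names are this example's own.

```python
import ipaddress
import shlex

# The two forwarding rules from the post, copied verbatim.
RULES = """\
sudo iptables -t nat -A PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.1.2:80
sudo iptables -A FORWARD -p tcp -d 192.168.1.10 --dport 80 -j ACCEPT
"""

# Options this example understands, mapped to dict keys (hypothetical helper).
OPTIONS = {"-t": "table", "-A": "chain", "-p": "proto", "-d": "dst",
           "--dport": "dport", "-j": "target",
           "--to": "to", "--to-destination": "to"}

def parse_rule(line):
    """Turn one 'iptables ...' command line into a dict of the options above."""
    tokens = shlex.split(line)
    tokens = tokens[tokens.index("iptables") + 1:]
    rule = {"table": "filter"}          # iptables default table
    i = 0
    while i < len(tokens) - 1:
        if tokens[i] in OPTIONS:
            rule[OPTIONS[tokens[i]]] = tokens[i + 1]
            i += 2
        else:
            i += 1                      # skip options not modelled here
    return rule

def unmatched_dnat(text):
    """Return (ip, port) DNAT targets that no FORWARD ACCEPT rule matches."""
    rules = [parse_rule(l) for l in text.splitlines() if "iptables" in l]
    accepts = [r for r in rules
               if r.get("chain") == "FORWARD" and r.get("target") == "ACCEPT"]
    missing = []
    for r in rules:
        if r.get("target") != "DNAT" or "to" not in r:
            continue
        ip, _, port = r["to"].partition(":")
        port = port or r.get("dport")   # no port in --to: port is unchanged
        covered = any(
            ipaddress.ip_address(ip)
            in ipaddress.ip_network(a.get("dst", "0.0.0.0/0"), strict=False)
            and a.get("dport", port) == port
            and a.get("proto", r.get("proto")) == r.get("proto")
            for a in accepts)
        if not covered:
            missing.append((ip, port))
    return missing

if __name__ == "__main__":
    print(unmatched_dnat(RULES))
```
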