Unable to browse websites - port forwarding problem.

Discussion in 'Server Operation' started by satimis, Jul 7, 2008.

  1. satimis

    satimis New Member

    Hi folks,


    Ubuntu LAMP server
    IP - 192.168.0.52

    Local machine
    IP - 192.168.0.10


    With the following iptables rules up and running, the website can't be browsed on either the Internet or the intranet.
    Code:
    # INPUT
    
    # Set the default policy to drop
    iptables -P INPUT DROP
    
    # Allow existing connections to continue
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    
    # Allow the server to talk to itself
    iptables -A INPUT -i lo -j ACCEPT
    
    # Allow ssh from workstation local IPadd allowing incoming mails 20080307
    
    iptables -A INPUT -s 192.168.0.10 -p tcp --dport 2222 -j ACCEPT
    
    
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT -j LOG
    
    
    
    # OUTPUT
    
    # Set the default policy to accept
    iptables -P OUTPUT ACCEPT
    
    # Allow existing connections to continue
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    
    # Allow the server to talk to itself
    iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
    
    # Allow DNS requests out
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    

    After adding the following rules under INPUT:
    Code:
    # Allow port forwarding
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 53 -j MASQUERADE
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
    
    Restart iptables.


    It still fails. Please advise. TIA


    B.R.
    satimis
     
  2. topdog

    topdog Active Member HowtoForge Supporter

    That is because you are not accepting inbound connections to port 80.
     
  3. satimis

    satimis New Member

    Hi topdog,


    Thanks for your advice. You are correct, but NOT to port 80, because I'm running SSL here. It must be port 443.


    I must add the following rules:
    Code:
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 25 -j ACCEPT 
    iptables -A INPUT -p tcp --dport 110 -j ACCEPT 
    
    What will be port 110 for?


    The following rules can be deleted:
    Code:
    #iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 53 -j MASQUERADE
    #iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
    

    B.R.
    satimis
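
An added example, not part of the thread and not any poster's code: a minimal Python model of first-match evaluation on the filter table's INPUT chain, run over the rules posted above. It shows why a new connection to port 443 falls through to the DROP policy until an ACCEPT rule exists, and why the nat POSTROUTING rule does not change that. It understands only the match options used in this thread (exact `-s`, `-p`, `--dport`, `-i`, `--icmp-type`, `--state`); `203.0.113.5` is a constructed outside address.

```python
import shlex

# Constructed from the INPUT rules posted in this thread.
BEFORE = """\
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.168.0.10 -p tcp --dport 2222 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -j LOG
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.10 -p 80 -j MASQUERADE
"""
AFTER = BEFORE + "iptables -A INPUT -p tcp --dport 443 -j ACCEPT\n"

def parse(script):
    """Return (default policy, ordered rules) for the filter table's INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)[1:]  # drop the "iptables" word
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
            continue
        opts = dict(zip(tok[0::2], tok[1::2]))  # every option used here takes one value
        if opts.get("-t", "filter") == "filter" and opts.get("-A") == "INPUT":
            rules.append(opts)  # nat/POSTROUTING lines never reach this list
    return policy, rules

def verdict(script, src, proto, dport=None, iface="eth0", icmp_type=None):
    """Verdict for the first packet of a NEW inbound connection."""
    policy, rules = parse(script)
    pkt = {"-s": src, "-p": proto, "--dport": str(dport),
           "-i": iface, "--icmp-type": icmp_type}
    for rule in rules:
        if "--state" in rule and "NEW" not in rule["--state"].split(","):
            continue  # RELATED,ESTABLISHED cannot match a brand-new connection
        matches = all(rule[k] == pkt[k] for k in pkt if k in rule)
        if matches and rule["-j"] != "LOG":  # LOG records the packet, then falls through
            return rule["-j"]
    return policy  # nothing terminated: the chain's default policy decides

if __name__ == "__main__":
    for name, script in (("before", BEFORE), ("after", AFTER)):
        for port in (2222, 443, 80):
            print(name, port, verdict(script, "192.168.0.10", "tcp", port))
        print(name, "ping", verdict(script, "203.0.113.5", "icmp", icmp_type="echo-request"))
```

Port 80 stays dropped in both rule sets, which is consistent with the site being served over SSL on 443 only.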
     