Hello:
My router has two interfaces: 10.3.3.3 to Internet; 192.168.1.1 to LAN. I
want to forward port 80 to an internal server at 192.168.1.200.
Something ain't workin'. Pertinent iptables -L below. Any suggestions?
# iptables -t nat -L -n ##this list is truncated
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DROP all -- 172.16.0.0/12 0.0.0.0/0
DNAT tcp -- 0.0.0.0/0 10.3.3.1 tcp dpt:80 to:192.168.1.200:80
#iptables -L -n ##this list is truncated
Chain INPUT (policy DROP)
target prot opt source destination
tcp_packets tcp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 192.168.1.255
ACCEPT all -- 0.0.0.0/0 192.168.1.1
ACCEPT all -- 0.0.0.0/0 10.3.3.3 state RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT INPUT packet died: '
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.1.200 tcp dpt:80
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT FORWARD packet died: '
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.1.1 0.0.0.0/0
ACCEPT all -- 10.3.3.3 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `IPT OUTPUT packet died: '
Chain allowed (4 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x0216/0x022
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0
nme
----------------------------------------------
Noah Eiger
nme@earthlink.net
----------------------------------------------
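A consistency check for the nat listing in the post above, as an added example that is not part of the original message: it parses `iptables -t nat -L -n` output and reports DNAT rules whose match destination covers none of the router's own addresses. The function names, the re-joined sample listing, and the assumption that 10.3.3.3 and 192.168.1.1 are the router's only addresses are illustrative.

```python
import ipaddress

# Constructed sample: the nat PREROUTING listing from the post, with the
# mail-wrapped DNAT line joined back onto one line.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  172.16.0.0/12        0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            10.3.3.1     tcp dpt:80 to:192.168.1.200:80
"""

# Addresses the post says the router holds (assumed to be the full set).
ROUTER_ADDRS = ["10.3.3.3", "192.168.1.1"]


def parse_dnat_rules(listing):
    """Return one dict per DNAT rule in `iptables -t nat -L -n` output."""
    rules, chain = [], None
    for line in listing.splitlines():
        f = line.split()
        if f and f[0] == "Chain":
            chain = f[1]                      # remember which chain we are in
        elif len(f) >= 5 and f[0] == "DNAT":
            opts = f[5:]                      # e.g. ['tcp', 'dpt:80', 'to:...']
            rules.append({
                "chain": chain,
                "proto": f[1],
                "match_dst": f[4],            # the -d address the rule matches
                "dport": next((o[4:] for o in opts if o.startswith("dpt:")), None),
                "to": next((o[3:] for o in opts if o.startswith("to:")), None),
            })
    return rules


def unreachable_dnat(listing, local_addrs):
    """DNAT rules whose match destination covers none of local_addrs.

    A packet sent to one of the router's own addresses never matches such
    a rule, so its destination is not rewritten.
    """
    local = [ipaddress.ip_address(a) for a in local_addrs]
    return [r for r in parse_dnat_rules(listing)
            if not any(a in ipaddress.ip_network(r["match_dst"], strict=False)
                       for a in local)]


if __name__ == "__main__":
    for r in unreachable_dnat(NAT_LISTING, ROUTER_ADDRS):
        print(f'{r["chain"]}: DNAT {r["proto"]} dpt:{r["dport"]} -> {r["to"]} '
              f'matches {r["match_dst"]}, not one of {ROUTER_ADDRS}')
```

Run against the listing in the post, it reports the PREROUTING rule that matches destination 10.3.3.1, while the stated Internet-side address is 10.3.3.3.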