Port Forwarding Problem

Taylor, Grant gtaylor at riverviewtech.net
Fri Apr 15 16:32:53 CEST 2005


I do not recall seeing the original post so I did not see your firewall rule set.  If you have your default policy for the FORWARD chain set to DROP you will need to explicitly allow the traffic that you are trying to port forward in your FORWARD table.  For example you will need something like this:

iptables -t filter -A FORWARD -i $INet -o $LAN -p tcp --dport 800 -d $IP_of_server_to_forward_to -j ACCEPT
iptables -t filter -A FORWARD -i $INet -o $LAN -p udp --dport 800 -d $IP_of_server_to_forward_to -j ACCEPT
iptables -t filter -A FORWARD -i $LAN -o $INet -p tcp --sport 800 -s $IP_of_server_to_forward_to -j ACCEPT
iptables -t filter -A FORWARD -i $LAN -o $INet -p udp --sport 800 -s $IP_of_server_to_forward_to -j ACCEPT

I added rules for both TCP and UDP as I did not know which protocol you are running.  If you don't need one or the other just take the pair (in and out) of rules out.



Grant. . . .

Samuel Díaz García wrote:
> Without having a look into your scripts, I think you need:
> 1) Allow INPUT into filter table to the port.
> 2) Allow FORWARD into filter table to the redirected connection.
> Good luck.
> Julian Labuschagne writes:
> 
>> Hi everyone I'm a bit new to iptables so please bear with me on this 
>> one ;)
>> I wrote a small firewall that basically nats users through my gateway 
>> machine only allowing certain hosts on my network Web DNS and Mail 
>> access.
>> This section works fine.
>> But I also want to port forward any connections from outside to port 
>> 800 to a host running inside my LAN.
>> I added a rule in the PREROUTING table to do this.
>> But it seems that no connection gets forwarded.
>> If I set my default policies to ACCEPT and add the PREROUTING rule it 
>> actually does the port forwarding correctly.
>> I attached a copy of the firewall I wrote with this message.
>> Please can someone have a look through it for me cause I'm sure I'm 
>> just missing something.
>> Kind Regards Julian.
>>  
>>
> 
> 
> 
> Samuel Díaz García
> Managing Director
> ArcosCom Wireless, S.L.L.
> mailto:samueldg at arcoscom.com
> http://www.arcoscom.com
> mobile: 651 93 72 48
> tel.: 956 70 13 15
> fax:   956 70 34 83
> 
> 
> 
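
Added example (not part of the original message and not code from the netfilter project): the complete rule set for one forwarded port under a FORWARD policy of DROP, printed rather than applied so it can be reviewed first. The interface names, server address, the DNAT target for the PREROUTING rule and the conntrack state match are assumptions chosen for illustration.

```shell
#!/bin/sh
# Prints (does not apply) the iptables commands needed to forward one port
# to an internal server when the FORWARD policy is DROP.
# usage: port_forward_rules WAN_IF LAN_IF SERVER_IP PROTO PORT
port_forward_rules() {
    wan=$1 lan=$2 server=$3 proto=$4 port=$5

    # Validate before anything is placed on an iptables command line.
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port: $port" >&2; return 1
    }
    case $server in
        ''|*[!0-9.]*) echo "bad address: $server" >&2; return 1 ;;
    esac

    # nat table: rewrite the destination of packets arriving from outside.
    echo "iptables -t nat -A PREROUTING -i $wan -p $proto --dport $port -j DNAT --to-destination $server:$port"

    # filter table: FORWARD is traversed after DNAT, so the packet already
    # carries the internal server address as its destination.
    echo "iptables -t filter -A FORWARD -i $wan -o $lan -p $proto -d $server --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"

    # Replies leave the server with the forwarded port as their SOURCE port,
    # and only as part of a connection that was started from outside.
    echo "iptables -t filter -A FORWARD -i $lan -o $wan -p $proto -s $server --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Constructed sample values (assumptions): eth0 = Internet side,
# eth1 = LAN side, 192.168.1.10 = internal server.
port_forward_rules eth0 eth1 192.168.1.10 tcp 800
```

Review the printed commands, then pipe them to `sh` as root to apply them; call the function once per protocol if both TCP and UDP are needed.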



