> I want to forward an outside port to a port on my LAN.
> I've got a webserver running on the server that connects to the internet.
> I want incoming connections on port 5678 to go to 192.168.0.95
> And I want incoming connection on port 80 to keep connecting to my server
> When I do the following:
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 5678 -j DNAT --to-dest
> iptables -A FORWARD -p tcp -i eth0 --dport 5678 -d 192.168.0.95 -j ACCEPT
> Outside servers can no longer connect to my webserver!!
> Why is this? I would really appreciate any comments that could shed some
> light on this!!
> I've since discovered that if I omit the second command, everything works.
> Port gets forwarded. Whoopdee doo. So what's the point of the FORWARD table
Now I understand your question. I find this extremely strange, because
if you've got the webserver listening on port 80 of the firewall then
the packets that go to the webserver come through the INPUT chain, so
any rule in the FORWARD chain should not affect this traffic.
The rules you have written are correct and they should not affect your
webserver, so it's a mystery for me why this doesn't work.
Anyway I would use Ethereal to see what happens to the traffic and
how the webserver acts with the FORWARD rule and without it. Maybe
that way you can see what's happening.
Jose Maria Lopez Hernandez
Technical Director of bgSEC
bgSEC Seguridad y Consultoria de Sistemas Informaticos
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
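The chain-traversal argument in the reply above (locally addressed packets go to INPUT after PREROUTING, DNATed packets go to FORWARD, so a FORWARD rule cannot touch port-80 traffic) can be checked against a small model. The following Python model is added here as an illustration and is not code from either poster; it assumes the DNAT target cut off in the first command is 192.168.0.95, assumes constructed addresses for the firewall itself (203.0.113.10 on eth0, 192.168.0.1 on the LAN side), and assumes a DROP policy on FORWARD and an ACCEPT policy on INPUT, since the post shows neither.

```python
"""Model of the netfilter path an inbound packet takes through the chains named in the post.

Added illustration, not the posters' code. The firewall addresses, chain policies and
the DNAT target (the original command was truncated) are assumptions.
"""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    dst: str
    dport: int

# Constructed: the firewall's own public (eth0) and LAN addresses.
FIREWALL_ADDRS = {"203.0.113.10", "192.168.0.1"}

def match(pkt, **crit):
    """True when every given criterion (in_iface, proto, dst, dport) equals the packet's field."""
    return all(getattr(pkt, k) == v for k, v in crit.items())

def nat_prerouting(pkt):
    """nat PREROUTING: the post's DNAT rule (target 192.168.0.95 assumed)."""
    if match(pkt, in_iface="eth0", proto="tcp", dport=5678):
        return replace(pkt, dst="192.168.0.95")
    return pkt

def routing_decision(pkt):
    """After PREROUTING the kernel routes: a local address goes to INPUT, anything else to FORWARD."""
    return "INPUT" if pkt.dst in FIREWALL_ADDRS else "FORWARD"

# filter FORWARD: the post's second rule, as (criteria, target) pairs.
FORWARD_RULES = [
    ({"in_iface": "eth0", "proto": "tcp", "dport": 5678, "dst": "192.168.0.95"}, "ACCEPT"),
]
INPUT_RULES = []  # the post shows no INPUT rules

def run_chain(pkt, rules, policy):
    """First matching rule wins; otherwise the chain policy applies."""
    for crit, target in rules:
        if match(pkt, **crit):
            return target
    return policy

def traverse(pkt, forward_rules=FORWARD_RULES, forward_policy="DROP", input_policy="ACCEPT"):
    """Return (chain used, destination after NAT, verdict) for one inbound packet."""
    pkt = nat_prerouting(pkt)
    chain = routing_decision(pkt)
    if chain == "INPUT":
        verdict = run_chain(pkt, INPUT_RULES, input_policy)
    else:
        verdict = run_chain(pkt, forward_rules, forward_policy)
    return chain, pkt.dst, verdict

if __name__ == "__main__":
    web = Packet("eth0", "tcp", "203.0.113.10", 80)     # to the firewall's own webserver
    fwd = Packet("eth0", "tcp", "203.0.113.10", 5678)   # to be DNATed into the LAN
    print("port 80  :", traverse(web))
    print("port 5678:", traverse(fwd))
    print("port 5678, FORWARD rule omitted, policy DROP  :", traverse(fwd, forward_rules=[]))
    print("port 5678, FORWARD rule omitted, policy ACCEPT:",
          traverse(fwd, forward_rules=[], forward_policy="ACCEPT"))
```

In the model the port-80 packet never reaches FORWARD whatever that chain contains, which is the reply's point; the port-5678 packet is rewritten in PREROUTING and then needs the FORWARD ACCEPT only when the FORWARD policy is DROP, which matches the original poster's observation that omitting the rule "works" (that outcome implies a permissive FORWARD policy). One caveat the model leaves out: the reply packets from 192.168.0.95 also cross FORWARD, and the rule shown matches only the inbound direction, so with a DROP policy a conntrack rule accepting ESTABLISHED,RELATED traffic is normally needed as well.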