
Thread: UFW and Port Forwarding

  1. #11
    Join Date
    Jan 2008
    Location
    Zagreb/Croatia
    Beans
    263
    Distro
    Ubuntu

    Re: UFW and Port Forwarding

    This is strange: the first rule works but the other ones are ignored (the other ones in PREROUTING; the last rule, MASQUERADE, works fine). Here's my before.rules:
    Code:
    #nat Table rules
    *nat
    :PREROUTING ACCEPT [0:0]
    -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.200:80
    -A PREROUTING -i eth1 -p tcp --dport 10090 -j DNAT --to 192.168.0.2:22
    
    :POSTROUTING ACCEPT [0:0]
    #forward from eth0 through eth1
    -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
    COMMIT
    The forwarding of port 80 to host 192.168.0.200 works fine, but forwarding from 10090 to 192.168.0.2 port 22 doesn't work. And if I interchange the rules, then the forwarding to 22 works fine and the forwarding to 80 on 192.168.0.200 doesn't.
    I assume that I need to add something before the second rule, but what?

    EDIT:
    It's more complicated than this... Now some rules work... others don't. I don't know where to start.
    Is there some other firewall that I could use, like Firestarter (I can't use it on the server because there is no GUI), where port forwarding is easier?
    Last edited by ene_dene; October 3rd, 2009 at 11:29 AM.

  2. #12
    Join Date
    Feb 2009
    Location
    Canada
    Beans
    3
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: UFW and Port Forwarding

    Looks like you forgot the COMMIT instruction after the table rules.

    Try:

    Code:
    #nat Table rules
    *nat
    :PREROUTING ACCEPT [0:0]
    -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.200:80
    -A PREROUTING -i eth1 -p tcp --dport 10090 -j DNAT --to 192.168.0.2:22
    COMMIT
    
    :POSTROUTING ACCEPT [0:0]
    #forward from eth0 through eth1
    -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
    COMMIT
    ... I think!

  3. #13
    Join Date
    Jan 2008
    Location
    Zagreb/Croatia
    Beans
    263
    Distro
    Ubuntu

    Re: UFW and Port Forwarding

    Thank you for your answer, but the problem was a little more confusing than that. Some rules that I put in before.rules were working after I deleted them, and some weren't after I added them (I also tried iptables -F)... After a restart everything works like it should. Here is how I put it:
    Code:
    :POSTROUTING ACCEPT [0:0]
    #forward from eth0 through eth1
    -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
    -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.200:80
    -A PREROUTING -i eth1 -p udp --dport 10090 -j DNAT --to 192.168.0.202:22
    -A PREROUTING -i eth1 -p tcp --dport 10090 -j DNAT --to 192.168.0.202:22
    COMMIT
    I will be very glad if the programmers of ufw would put masquerading and forwarding/routing options in their firewall so it's as easy to use as Firestarter. Then having a home server and a good firewall would be really easy.
    Does anyone know if there are such plans?
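
Added example (not part of any post in the thread): a small Python check for the `*table` ... `COMMIT` layout that iptables-restore style files such as ufw's before.rules use, run over the rules from posts #11 and #12. It also lists every DNAT forward and flags a later rule with the same interface, protocol and port, which an earlier rule would always match first; `lint_rules` is a hypothetical helper name.

```python
import shlex

# Rules as posted in #11 of the thread above.
POST_11 = """\
#nat Table rules
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.0.200:80
-A PREROUTING -i eth1 -p tcp --dport 10090 -j DNAT --to 192.168.0.2:22

:POSTROUTING ACCEPT [0:0]
#forward from eth0 through eth1
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT
"""
# Variant from #12: the same rules with an extra COMMIT after the PREROUTING lines.
POST_12 = POST_11.replace("\n\n", "\nCOMMIT\n\n", 1)

def lint_rules(text):
    """Return (problems, forwards) for iptables-restore style text."""
    problems, forwards, table, no = [], [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are ignored
        if line.startswith("*"):          # "*nat" opens a table section
            if table:
                problems.append((no, f"*{table} not closed by COMMIT"))
            table = line[1:]
        elif line == "COMMIT":            # COMMIT closes the open table
            if table is None:
                problems.append((no, "COMMIT with no open table"))
            table = None
        elif table is None:               # chain or rule line after COMMIT
            problems.append((no, "line outside any *table section"))
        elif line.startswith("-A") and "DNAT" in line:
            tok = shlex.split(line)
            opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            key = (opt.get("-i"), opt.get("-p"), opt.get("--dport"))
            if any(f[:3] == key for f in forwards):
                problems.append((no, f"DNAT for {key} shadowed by an earlier rule"))
            forwards.append(key + (opt.get("--to") or opt.get("--to-destination"),))
    if table:
        problems.append((no, f"*{table} missing COMMIT"))
    return problems, forwards

if __name__ == "__main__":
    for name, text in (("post #11", POST_11), ("post #12", POST_12)):
        problems, forwards = lint_rules(text)
        print(name, "forwards:", forwards)
        for no, msg in problems:
            print(f"  line {no}: {msg}")
```

The forwards list doubles as an inventory of which external ports reach which internal hosts, which is worth reviewing whenever before.rules changes.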
