I am setting up a masqing box for my DSL connection and am having trouble getting forwarding to work. I have followed many HOWTOs from various sites, including this HOWTO.
I want to, for example, forward all incoming connections at port 80 to my internal WWW server (192.168.0.110). My connection to the internet from my local internal LAN works just fine, but when I try to connect to my external IP:80 from the outside world looking in, the web browser just hangs. I have tried the same with port 22 for SSH, with similar results. Any tips would be great. The forwarding lines are at the bottom of the included script, but I think something might need to be changed elsewhere in the script, which is almost copied line by line from the URL above -- with minor modifications for my setup.
#!/bin/sh
IPTABLES=/sbin/iptables
EXTIF="eth0"
INTIF="eth1"
/sbin/depmod -a
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_conntrack_irc
/sbin/insmod iptable_nat
/sbin/insmod ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
PORTFWIP=192.168.0.110
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A PREROUTING -t nat -p tcp -d 207.X.X.X --dport 80 -j DNAT --to 192.168.0.110:80
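One way to narrow down where a forwarded connection like this stalls, as an added example that is not part of the original post: the function reads `iptables-save -c` output and compares the packet counter on each DNAT rule with the counter on the FORWARD rule for the translated port. The counters and the address 203.0.113.5 (standing in for the elided external IP) are constructed, and it assumes the per-port FORWARD rule is the first terminating rule an inbound SYN can match, as in the script above.

```shell
# Constructed sample of `iptables-save -c` output for the posted rule set.
# 203.0.113.5 is a documentation address used in place of the elided external IP.
SAMPLE='*nat
:PREROUTING ACCEPT [12:720]
[4:240] -A PREROUTING -d 203.0.113.5/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.110:80
[40:2400] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
[85:61200] -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
[90:5400] -A FORWARD -i eth1 -o eth0 -j ACCEPT
[12:720] -A FORWARD -j LOG
[12:720] -A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 80 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Reads `iptables-save -c` text on stdin and prints one verdict line per DNAT rule.
trace_dnat() {
  awk '
    function arg(opt,   i) {   # value that follows option opt in this rule
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($1, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    $2 != "-A" { next }                     # only counted rule lines from here on
    { pkts = substr($1, 2); sub(/:.*/, "", pkts); pkts += 0 }
    table == "nat" && arg("-j") == "DNAT" {
      n++; dest[n] = arg("--to-destination"); nat[n] = pkts
      p = dest[n]
      if (p ~ /:/) sub(/.*:/, "", p)
      else p = arg("--dport")
      key[n] = arg("-p") "/" p              # FORWARD sees the translated port
    }
    table == "filter" && $3 == "FORWARD" && arg("-j") == "ACCEPT" && arg("--dport") != "" {
      k = arg("-p") "/" arg("--dport"); ruled[k] = 1; fwd[k] += pkts
    }
    END {
      for (i = 1; i <= n; i++) {
        k = key[i]
        if (nat[i] == 0)                          v = "never-reached-dnat"
        else if (fwd[k] > 0)                      v = "forwarded-to-server"
        else if (!ruled[k] && policy == "ACCEPT") v = "forwarded-by-policy"
        else                                      v = "not-forwarded"
        printf "%s -> %s nat=%d forward=%d %s\n", k, dest[i], nat[i], fwd[k], v
      }
    }'
}

printf '%s\n' "$SAMPLE" | trace_dnat
```

A `forwarded-to-server` result means the gateway passed the packets on, so the next place to look is the internal host and its return route. `forwarded-by-policy` flags the case where only the `FORWARD ACCEPT` default policy, which the posted script sets, lets the translated packets through.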