Re: I dont know how to forward port 80

On Thu, 2005-02-10 at 07:34, Micah James Sergey wrote:
> hello, i have my computer hooked up through a router and would like to 
> use my computer as a server. i've set up the router so it forwards port 
> 80 to the to-be server. however, i have no idea how to set up the 
> iptables so the server accepts stuff. i'd really appreciate it if someone 
> would send me the commands for doing so. it'd also be nice if they could 
> explain what each line does.

might i suggest a perusal of:

  http://iptables-tutorial.frozentux.net/iptables-tutorial.html

that way--you don't have to rely on what we tell you.

but since we're in the age of "instant gratification is too slow" i'll
take a stab at it...

if i understand you correctly--you have a router (not running iptables)
that is forwarding port 80 to $INSIDE_MACHINE_IP and you're running
iptables on $INSIDE_MACHINE and need to know how to allow port 80
traffic in to it.  if that's correct:

  # start fresh--flush all rules and set filter policies to ACCEPT
  for t in mangle nat filter; do
    iptables -t $t -F
    iptables -t $t -X
    iptables -t $t -Z
  done
  for c in INPUT OUTPUT FORWARD; do
    iptables -P $c ACCEPT
  done

  # set the INPUT policy to DROP
  iptables -P INPUT DROP

  # allow input packets that are part of an established connection
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # allow HTTP requests in
  iptables -A INPUT -p tcp --syn --dport 80 -j ACCEPT

  # more rules, depending on your setup
  [ ... ]

  # allow loopback traffic
  iptables -A INPUT -i lo -j ACCEPT

  # log anything which is about to be dropped by the chain policy
  iptables -A INPUT -m limit --limit 12/min --limit-burst 3 \
    -j LOG --log-prefix "FW DROP INPUT: "

-j

--
"Look, just give me some inner peace, or I'll mop the floor with ya!"
	--The Simpsons
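
An added example, not part of the original message: one way to check that the INPUT chain from the reply above is loaded as intended, by auditing the text that `iptables -S INPUT` prints. The function name, the sample listings and the finding messages are constructed for illustration, and it assumes an iptables version that supports `-S`.

```shell
#!/bin/sh
# Audit an INPUT chain listing (the format printed by `iptables -S INPUT`)
# against the ruleset in the reply above. Reads the listing on stdin, prints
# one line per finding, and returns 0 only when there are no findings.
audit_input_chain() {
  awk '
    /^-P INPUT / { policy = $3 }
    /^-A INPUT / && / -j ACCEPT$/ {
      if (log_seen) late = 1                      # ACCEPT placed after the LOG rule
      if (/ESTABLISHED/) est = 1
      if (/-p tcp/ && /--dport 80( |$)/) http = 1
      if (/-i lo /) lo = 1
    }
    /^-A INPUT / && / -j LOG( |$)/ { log_seen = 1 }
    END {
      if (policy != "DROP") { print "FAIL: INPUT policy is not DROP"; bad = 1 }
      if (!est)  { print "FAIL: no ACCEPT rule for ESTABLISHED traffic"; bad = 1 }
      if (!http) { print "FAIL: no ACCEPT rule for tcp dport 80"; bad = 1 }
      if (!lo)   { print "FAIL: no ACCEPT rule for loopback (-i lo)"; bad = 1 }
      if (late)  { print "FAIL: ACCEPT rule after LOG; its packets get logged as drops"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: listing expected after running the rules from the reply.
sample_good() {
  cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m limit --limit 12/min --limit-burst 3 -j LOG --log-prefix "FW DROP INPUT: "
EOF
}

# Constructed sample: the port 80 rule was appended later and landed after LOG.
sample_appended() {
  cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m limit --limit 12/min --limit-burst 3 -j LOG --log-prefix "FW DROP INPUT: "
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
EOF
}

sample_good | audit_input_chain && echo "constructed good listing: no findings"
sample_appended | audit_input_chain || true
# On a live host (as root): iptables -S INPUT | audit_input_chain
```

The second sample shows why later additions should be inserted above the LOG rule rather than appended: the traffic is still accepted, but it first shows up in the log under the "FW DROP INPUT: " prefix.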


