forwarding

This is about using Webmin to administer a firewall/router on Ubuntu Server 9.10. If you’ve already done everything in Wall, then there are two parts to forwarding any port to a machine behind your router. We are operating under the assumption that eth1 is your external interface, and eth0 is your internal one.

First, you need to make a rule under the ‘filter’ IPtable in the INPUT section to allow the traffic in, since it isn’t established or related to any current connections.

The rule should look something like this if you only have one IP address attached to your router’s external interface (see Static, but Not for a little more information on using IP aliases on your external interface):

Accept if protocol is TCP and input interface is eth1 and destination port is 80

Then go to the ‘nat’ IPtable, and add a corresponding rule that will look like this in the PREROUTING section:

Destination NAT if protocol is TCP and input interface is eth1 and destination port is 80

If you have multiple IP addresses on your external interface, simply add a condition for destination address that contains your external IP (in both the ‘filter’ rule, and the ‘nat’ rule). Destination NAT (or DNAT) rules are a little tricky (at least for me they were), so here’s a bit more guidance on that:

Action to take = Destination NAT

Under IPs and ports for DNAT, set IP range to the internal/private address of the machine that should receive the traffic you are forwarding (leave the ‘to’ field blank)

Destination address = the external IP address being forwarded

Incoming interface = your external interface (eth1 for me)

Network protocol in our example was TCP

Destination TCP or UDP port = 80

If you have all those set, you can create the rule, and Apply Configuration. Repeat, and rinse. If the whole destination/source port thing confuses you, see Direction.
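To review the result after applying, this added example (not part of the original post) parses `iptables-save` output and lists every PREROUTING DNAT rule, together with any of the restrictions from the field list above that the rule lacks. The sample rules, the addresses, and the names `dnat_forwards` and `multi_ip` are constructed for illustration; it checks only the ‘nat’ rule, not the ‘filter’ rule.

```python
import shlex

# Constructed sample in iptables-save format; all addresses are made up.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.20
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.21:80
-A PREROUTING -p tcp -j DNAT --to-destination 192.168.1.22
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
"""

# iptables options that correspond to the Webmin form fields listed above
FIELDS = {"-d": "dst", "-i": "iface", "-p": "proto",
          "--dport": "dport", "--to-destination": "target", "-j": "action"}

def dnat_forwards(rules_text, external_if="eth1", multi_ip=False):
    """List PREROUTING DNAT rules and the restrictions each one lacks."""
    forwards, table = [], None
    for line in rules_text.splitlines():
        if line.startswith("*"):              # table header, e.g. *nat
            table = line[1:].strip()
            continue
        tok = shlex.split(line)
        if table != "nat" or tok[:2] != ["-A", "PREROUTING"]:
            continue
        rule = {}
        for i in range(2, len(tok) - 1):      # option followed by its value
            if tok[i] in FIELDS:
                neg = "!" if tok[i - 1] == "!" else ""   # keep negated matches visible
                rule[FIELDS[tok[i]]] = neg + tok[i + 1]
        if rule.get("action") != "DNAT":
            continue
        issues = []
        if rule.get("iface") != external_if:
            issues.append("not limited to " + external_if)
        for key, msg in (("proto", "no protocol"), ("dport", "no destination port")):
            if key not in rule:
                issues.append(msg)
        if multi_ip and "dst" not in rule:    # only matters with several external IPs
            issues.append("no destination address")
        rule["issues"] = issues
        forwards.append(rule)
    return forwards

if __name__ == "__main__":
    for fw in dnat_forwards(SAMPLE, multi_ip=True):
        print(fw.get("dst", "any"), fw.get("dport", "any"), "->", fw.get("target"), fw["issues"] or "ok")
```

Feed it the text printed by `iptables-save -t nat` on the router, and pass `multi_ip=True` if the external interface carries more than one address.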
