[Firehol-support] Problem with two interface firewall with web servers behind NAT

Kenny Colliander Nordin kecon81 at gmail.com
Tue Mar 22 07:40:44 CET 2016


Hi,

I'm trying to get my firewall to port forward HTTP/HTTPS traffic to my
webserver on a private address space. I can't get any traffic through from
the Internet to the webserver.

Tried to follow all the examples for a couple of hours now, but I'm not
able to see the problem.

Setup:

eth0 = Internet
eth1 = LAN with 192.168.127.0/24 network
192.168.127.20 = Web server

I want all incoming eth0 traffic on ports 80 and 443 to be forwarded to the
web server at 192.168.127.20 with the correlating port numbers.

I use the following setup on Ubuntu 14.04:

# ----
version 5

dnat to 192.168.127.20 inface eth0 proto tcp dport 80
dnat to 192.168.127.20 inface eth0 proto tcp dport 443

interface eth1 lan src "192.168.127.0/24"
    policy accept

interface eth0 internet
    server http accept
    server https accept
    client all accept

router internet2web inface eth0
    server http accept dst 192.168.127.20
    server https accept dst 192.168.127.20
    client all accept
    route all accept

router lan2internet inface eth1 outface eth0
    masquerade
    client all accept
    route all accept

# ----

Help appreciated,
Kenny

