iptables port forwarding or traffic forwarding isn't working within the LAN

I created a Raspberry Pi router with Ubuntu with all the networking and everything, and I was able to port forward from the external network to the internal network. But currently I am unable to access web servers or websites hosted on my LAN (using domain names).
# /etc/rc.local

# Default policy to drop all incoming packets.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# local ports
iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# port forwarding to internal git server
iptables -A INPUT -p tcp -s 192.168.0.0/16 --dport 2222 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

# Accept incoming packets from localhost and the LAN interfaces.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i wlan0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -i eth2 -j ACCEPT
iptables -A INPUT -i wlan1 -j ACCEPT

# local ports
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

# Accept incoming packets from the WAN if the router initiated the connection.
iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Forward LAN packets to the WAN.
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -j ACCEPT
iptables -A FORWARD -i wlan1 -o eth0 -j ACCEPT

# Forward packets internally
iptables -A FORWARD -i wlan1 -o eth1 -j ACCEPT

# Forward WAN packets to the LAN if the LAN initiated the connection.
iptables -A FORWARD -i eth0 -o wlan0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth0 -o wlan1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# NAT traffic going out the WAN interface.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Port forwarding (WAN -> 192.168.10.5); the DNAT rules only match packets arriving on eth0.
# Port 80
iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.5:8080
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 8080 -j ACCEPT

# Port 443
iptables -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.10.5:443
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 443 -j ACCEPT

# Port Git ssh
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2222 -j DNAT --to-destination 192.168.10.5:2222
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 2222 -j ACCEPT

# Port service
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4567 -j DNAT --to-destination 192.168.10.5:4567
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 4567 -j ACCEPT

# Port SMTP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 192.168.10.5:25
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 25 -j ACCEPT

# Port SMTP ssl
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 465 -j DNAT --to-destination 192.168.10.5:465
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 465 -j ACCEPT

# Port SMTP tls
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 587 -j DNAT --to-destination 192.168.10.5:587
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 587 -j ACCEPT

# Port IMAP ssl (993)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 993 -j DNAT --to-destination 192.168.10.5:993
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 993 -j ACCEPT

# Port POP ssl (995)
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 995 -j DNAT --to-destination 192.168.10.5:995
iptables -A FORWARD -p tcp -d 192.168.10.5 --dport 995 -j ACCEPT

# rc.local needs to exit with 0

exit 0

I am not an expert with iptables. Is there a way to allow local machines on subnet 192.168.0.0/16 to access the website example.com and the other services hosted on web server 192.168.10.5?

X ITM Cloud News

Marisa
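The symptom in the question is the classic hairpin NAT (NAT loopback) problem: the DNAT rules above match only "-i eth0", so a LAN client's packet addressed to the public IP of example.com is never rewritten, and even if it were, the server would reply directly to the client from 192.168.10.5 and the client would drop the unexpected answer. The script below is an added example, not part of the original post: it emits the LAN-side DNAT plus a source masquerade for each forwarded port, and assumes PUBLIC_IP is a placeholder for the router's eth0 address and that 192.168.10.5 sits behind one of the LAN interfaces.

```shell
#!/bin/sh
# Hairpin-NAT rules complementing the rc.local above (added example).
# Assumptions: PUBLIC_IP is a placeholder for the address on eth0 that example.com
# resolves to; the server is 192.168.10.5; clients live in 192.168.0.0/16.
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # placeholder: replace with the real eth0 address
SERVER=192.168.10.5
LAN=192.168.0.0/16
DRY_RUN="${DRY_RUN:-1}"                  # 1 = print the rules for review, 0 = apply (as root)

run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# One forwarded port: LAN client -> PUBLIC_IP:ext is rewritten to SERVER:int.
hairpin_port() {
  ext=$1; int=$2
  # Same rewrite as the WAN rule, but matched on the destination address instead
  # of "-i eth0", because LAN clients arrive on wlan0/eth1/eth2/wlan1.
  run iptables -t nat -A PREROUTING -s "$LAN" -d "$PUBLIC_IP" -p tcp --dport "$ext" \
      -j DNAT --to-destination "$SERVER:$int"
  # Without this the server answers the client straight from 192.168.10.5; the
  # client never contacted that address and discards the reply. Masquerading the
  # client's source for hairpinned flows forces the reply back through the router.
  run iptables -t nat -A POSTROUTING -s "$LAN" -d "$SERVER" -p tcp --dport "$int" -j MASQUERADE
}

hairpin_all() {
  # external:internal pairs exactly as in the rc.local above
  for pair in 80:8080 443:443 2222:2222 4567:4567 25:25 465:465 587:587 993:993 995:995; do
    hairpin_port "${pair%%:*}" "${pair##*:}"
  done
  # FORWARD policy is DROP and the existing ESTABLISHED rules only match "-i eth0",
  # so replies flowing from the server back towards the LAN need their own rule.
  # New connections are already allowed by the per-port "-d 192.168.10.5" FORWARD rules.
  run iptables -A FORWARD -d "$LAN" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

hairpin_all
```

If you control the LAN resolver, split-horizon DNS (answering example.com with 192.168.10.5 internally) avoids hairpinning entirely and keeps LAN traffic off the router.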
