Iptables FORWARD (NAT port 8080 on external IP to internal LXC IP)
Hi
I'm experimenting with LXC, and trying to forward the traffic sent to the external IP on port 8080 to an internal IP on port 80 where nginx is listening.
It works if I set policy ACCEPT for the Chain FORWARD and then:
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.XX.XX:80
Fine. But is it secure to have ACCEPT as the default rule for FORWARD? I don't feel good.
I tried different ways to make this NAT work with DROP as the default for FORWARD but without success so far. Could an Iptables Guru help me?
If I keep ACCEPT as the default and then try to create a rule in the filter and then drop other connections, it doesn't work and I don't understand why.
iptables -A FORWARD -i eth0 -p tcp --dport 8080 -j ACCEPT
iptables -A FORWARD -j DROP
Can anyone help?
Thanks a lot!
Comments
Try adding
EDIT: You were forwarding the inbound, but not allowing the outbound connection from the VM to get forwarded back out with the below.
I just saw that you are using LXC, with which I am not familiar, so change the venet0 above to the appropriate interface.
I think you are forwarding traffic to port 80, therefore that would be your --dport on the forward command.
Your
is fine.
Thanks FrankZ!
Will keep on experimenting, but so far even allowing the traffic on the inbound it doesn't work. I use a bridge interface (br0) and each LXC server has its own interface too on the host. I'll try different things and share the result here once I've been able to get that setup working with the ability to finally REJECT or DROP at the end of my FORWARD ruleset...
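The two points raised in the comments, written out as an added example that is not part of any post in this thread: the DNAT in nat/PREROUTING runs before the filter FORWARD chain, so the FORWARD rule has to match the translated port 80, and replies from the container must be allowed back out. It assumes br0 (named in the last reply) is the interface facing the container and uses 10.0.3.10 as a constructed placeholder for the container address; the script only prints the rules unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example. Interface names and the container address are assumptions:
EXT_IF="${EXT_IF:-eth0}"        # external interface, as in the original post
INT_IF="${INT_IF:-br0}"         # bridge facing the containers (assumed from the last reply)
CT_IP="${CT_IP:-10.0.3.10}"     # constructed placeholder for the container IP
EXT_PORT="${EXT_PORT:-8080}"    # port exposed on the external IP
CT_PORT="${CT_PORT:-80}"        # port nginx listens on inside the container

# Print the rules in the order they should be loaded.
forward_rules() {
    # 1. DNAT happens in nat/PREROUTING, before the filter FORWARD chain,
    #    and rewrites both the destination address and the port.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p tcp --dport $EXT_PORT -j DNAT --to-destination $CT_IP:$CT_PORT"
    # 2. Let packets of already tracked connections through. This covers
    #    the replies from the container back to the client.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 3. Accept new connections using the post-DNAT destination. A rule
    #    matching --dport $EXT_PORT here would never see a packet.
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $CT_IP --dport $CT_PORT -m conntrack --ctstate NEW -j ACCEPT"
    # 4. Switch the default policy last so nothing is cut off mid-load.
    echo "iptables -P FORWARD DROP"
}

# Dry run by default; APPLY=1 (as root) executes each rule instead.
apply_rules() {
    forward_rules | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule
        else
            echo "$rule"
        fi
    done
}

apply_rules
```

After applying, `iptables -L FORWARD -v -n` shows per-rule packet counters, which tells you whether the NEW rule is matching at all.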