[lug] using iptables for exposing web servers on public IPs?

Siegfried Heintze siegfried at heintze.com
Thu Apr 7 11:15:32 MDT 2005


I've been studying the tutorials on iptables and soliciting for help on the
forums on openwrt.org because I'm trying to use a linksys router (WRT54G) I
got at Circuit City loaded with the openwrt (a linux distro) to expose
multiple Apache HTTPD sites on my internal network.

Whew! That iptables is a complex utility! Anyway, since iptables is not
specific to openwrt I thought I would solicit LUG for advice. I'm getting a
few suggestions from openwrt.org but nothing is working yet.

Here are my attempts:

iptables -I FORWARD -d 209.97.230.252 -p tcp --dport 80 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d 209.97.230.252 -i vlan1 --dport 80 -j DNAT --to 192.168.1.252

I'm trying to forward requests for 209.97.230.252 to my internal network
address of 192.168.1.252.

I've been experimenting with "-i vlan1". I'm not sure what to put here. The
documentation at http://openwrt.org/OpenWrtDocs/Configuration says vlan1 is
the name for the WAN interface.

Now the iptables tutorial at
http://iptables-tutorial.frozentux.net/iptables-tutorial.html#HOWITWAS says
there might be a problem with using a machine on your own internal network
to hit your own external address. So, I set up a second machine on a second
router (a DLink) on 209.97.230.254 (and verified with grc.com that I was
indeed 209.97.230.254) and tried to hit my own web page at 209.97.230.252:
no luck.

Any ideas?
If not, are there any ideas on favorite places to post this kind of query?

Thanks,
Siegfried
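
An added example, not part of the original post: a shell helper that prints (does not apply) a DNAT rule pair for one public-to-internal mapping. Because nat/PREROUTING rewrites the destination before the filter table's FORWARD chain sees the packet, the FORWARD rule here matches the internal address. The function names are hypothetical, and it assumes the router already answers for the public address on the WAN interface.

```shell
#!/bin/sh
# Added example: emits iptables commands as text so they can be reviewed
# before being piped to sh as root on the router.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    rest=$1. count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# emit_dnat_rules WAN_IF PUBLIC_IP INTERNAL_IP PORT
emit_dnat_rules() {
    wan_if=$1 public_ip=$2 internal_ip=$3 port=$4
    valid_ipv4 "$public_ip" && valid_ipv4 "$internal_ip" || {
        echo "bad address" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "bad port" >&2; return 1; }
    # nat/PREROUTING runs before routing: rewrite the public destination.
    echo "iptables -t nat -I PREROUTING -i $wan_if -d $public_ip -p tcp --dport $port -j DNAT --to-destination $internal_ip:$port"
    # filter/FORWARD runs after DNAT, so it must match the internal address.
    # Only the forwarded port is opened, not the whole internal host.
    echo "iptables -I FORWARD -i $wan_if -d $internal_ip -p tcp --dport $port -j ACCEPT"
}

# The interface and address pair from the post, used as sample input.
emit_dnat_rules vlan1 209.97.230.252 192.168.1.252 80
```

After applying the output, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show per-rule packet counters, which tell you whether a test request from outside reached each rule.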



