Port forwarding with UFW

Post by Spivey » 2020-01-30 12:14

I'm trying to set up port forwarding, so pointing a web server from the public internet to port 8080 on machine A (163.1.147.42) will access a web server on machine B (192.168.13.112) on a private network. Machine A has a second interface 192.168.13.254 on the private network, and masquerading from the private network to the internet is already working.

The symptom is that connections can apparently be made from the outside world to the desired port 163.1.147.42:8080, but as soon as data is sent, the connection is closed:
Code:
mike@flotsam:~$ telnet spivey 8080
Trying 163.1.147.42...
Connected to spivey.oriel.ox.ac.uk.
Escape character is '^]'.
GET / HTTP/1.0
Connection closed by foreign host.
mike@flotsam:~$

What's more, a similar experiment conducted on Machine A with "telnet 192.168.13.112 80" does succeed in retrieving a page from the web server.

Here are the rules I've written in /etc/ufw/before.rules:
Code:
# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# Forward requests from port 8080 to new server
-A PREROUTING -i enp0s25 -d 163.1.147.42 -p tcp --dport 8080 -j DNAT --to-destination 192.168.13.112:80

# Forward traffic through upstream ethernet
-A POSTROUTING -s 192.168.13.0/24 -o enp0s25 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

Added to that, I've set DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw. And of course IP forwarding is turned on in the kernel, or the masquerading from inside to outside wouldn't work.

What's wrong here?
Spivey
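
Setting DEFAULT_FORWARD_POLICY="ACCEPT", as in the post above, makes ACCEPT the default for all traffic routed through machine A. The following is an added example, not part of the original post and not a diagnosis of the closed connection: it lists the DNAT forwards in a before.rules file and prints the `ufw route allow` command that would permit only each forwarded flow. The function names and temporary file names are assumptions made for illustration, and the sample input is constructed from the rules quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): audit a ufw NAT port-forward setup.

# Print "iface proto dport target_ip target_port" per DNAT rule in the *nat table.
# Rules without -p/--dport are skipped to keep the example small.
dnat_rules() {
    awk '
        /^\*/     { in_nat = ($1 == "*nat") }    # table header: *nat, *filter, ...
        /^COMMIT/ { in_nat = 0 }
        in_nat && $1 == "-A" && $2 == "PREROUTING" {
            iface = "any"; proto = ""; dport = ""; dest = ""; jump = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i")               iface = $(i + 1)
                if ($i == "-p")               proto = $(i + 1)
                if ($i == "--dport")          dport = $(i + 1)
                if ($i == "-j")               jump  = $(i + 1)
                if ($i == "--to-destination") dest  = $(i + 1)
            }
            if (jump != "DNAT" || dest == "" || proto == "" || dport == "") next
            n = split(dest, hp, ":")
            # A DNAT target without ":port" keeps the original destination port.
            print iface, proto, dport, hp[1], (n > 1 ? hp[2] : dport)
        }' "$1"
}

# The filter FORWARD chain sees the packet after DNAT, so the rule must name
# the translated address and port, not the public ones.
route_allow_cmds() {
    dnat_rules "$1" | while read -r iface proto _dport ip port; do
        if [ "$iface" = any ]; then ifarg=""; else ifarg=" in on $iface"; fi
        echo "ufw route allow${ifarg} to $ip port $port proto $proto"
    done
}

# Value of DEFAULT_FORWARD_POLICY from an /etc/default/ufw style file.
forward_policy() {
    sed -n 's/^DEFAULT_FORWARD_POLICY="\{0,1\}\([A-Z]*\).*/\1/p' "$1"
}

# Constructed sample input mirroring the post's configuration.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
  '-A PREROUTING -i enp0s25 -d 163.1.147.42 -p tcp --dport 8080 -j DNAT --to-destination 192.168.13.112:80' \
  '-A POSTROUTING -s 192.168.13.0/24 -o enp0s25 -j MASQUERADE' 'COMMIT' > "$tmp/before.rules"
printf '%s\n' 'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$tmp/ufw"

[ "$(forward_policy "$tmp/ufw")" = ACCEPT ] && echo "forward policy is ACCEPT: all routed traffic is allowed"
route_allow_cmds "$tmp/before.rules"
```

With the generated rule in place, the default forward policy can stay at DROP while the single forwarded flow is still allowed.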
 