Port forwarding with UFW

[Spivey]

I'm trying to set up port forwarding, so pointing a web server from the public internet to port 8080 on machine A (163.1.147.42) will access a web server on machine B (192.168.13.112) on a private network. Machine A has a second interface 192.168.13.254 on the private network, and masquerading from the private network to the internet is already working.

The symptom is that connections can apparently be made from the outside world to the desired port 163.1.147.42:8080, but as soon as data is sent, the connection is closed:

Code: Select all

mike@flotsam:~$ telnet spivey 8080
Trying 163.1.147.42...
Connected to spivey.oriel.ox.ac.uk.
Escape character is '^]'.
GET / HTTP/1.0
Connection closed by foreign host.
mike@flotsam:~$ 

What's more, a similar experiment conducted on Machine A with "telnet 192.168.13.112 80" does succeed in retrieving a page from the web server.

Here are the rules I've written in /etc/ufw/before.rules:

Code: Select all

# NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# Forward requests from port 8080 to new server
-A PREROUTING -i enp0s25 -d 163.1.147.42 -p tcp --dport 8080 -j DNAT --to-destination 192.168.13.112:80

# Forward traffic through upstream ethernet
-A POSTROUTING -s 192.168.13.0/24 -o enp0s25 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

Added to that, I've set DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw. And of course IP forwarding is turned on in the kernel, or the masquerading from inside to outside wouldn't work.

What's wrong here?