
So I wanted to forward a port for web servers (HTTP, HTTPS) running on an Ubuntu machine behind NAT.

Port forwarding works great for the HTTP server, but for some reason, it doesn't work for the HTTPS server (I did the exact same thing).

Should I do something else for the HTTPS server? Here are my iptables settings for reference.

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.40.173:8081
DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:192.168.40.173:8443

Another table.

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             192.168.40.173       tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             192.168.40.173       tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             192.168.40.173       tcp dpt:https
ACCEPT     tcp  --  anywhere             192.168.40.173       tcp dpt:8443
  • You don't need accept rules if you have accept policies. Can you connect to the HTTPS server directly? What happens when you try to connect?
    – BillThor
    Commented Aug 15, 2016 at 1:02
  • Thanks for the replies. @BillThor When you said "connect directly", do you mean connect with the private address from inside the private network? If so, yes (using the private address, not the public address). If you meant connecting with the public address, no. I get time-out errors (with both curl and a browser).
    – Kevin JJ
    Commented Aug 15, 2016 at 2:20
  • @KevinJJ Yes, I meant locally to the private address. Timeout errors indicate the connection is being dropped somewhere. Work out one router at a time. The tools netstat and tcpdump will help.
    – BillThor
    Commented Aug 15, 2016 at 2:54
  • @BillThor Thanks! I will try the tools you recommended. By the way, what do you mean by "one router at a time"? Sorry, I've never worked at the network level.
    – Kevin JJ
    Commented Aug 15, 2016 at 2:58
  • @KevinJJ Start at the host, and move one network hop (router) at a time. In this case I would expect the Ubuntu server doing the forwarding is the next router from the server. When that works, check from the public interface side of that system. After that you may have to test from an external host with Internet connectivity.
    – BillThor
    Commented Aug 15, 2016 at 3:01
