1

I have a generic Linux home router. I can change iptables on it by telnet to console. Currently, it is set up to forward all incoming connections to machine on my internal network, using something called a DMZ server. This setting is pretty common on home routers.

It has two ports open on the LAN interface (port 80 and port 23). These ports are used to configure it using http and telnet respectively. Both these ports appear filtered (no response, time out) if accessed via WAN interface.

What iptables rules should I add (and/or remove) to enable to router to forward port 80 (and 23) to the 'DMZ' server, if these ports are accessed from WAN interface, and to keep these ports accessible for router configuration if accessed from the LAN interface?

Improve this question

1 Answer 1

Reset to default
1

iptables has three main filtering tables: input, output, and forward.

The command below tells iptables to add (-A) a rule to the INPUT table, for a particular interface (perhaps br0 in your case) then tells iptables to allow any source port and ip connections on destination port 80 (your server) through that port (-j ACCEPT).

iptables -A INPUT -i (name of your wan side interface here - br0/eth1, etc.) --dport 80 -j ACCEPT

The command below tells iptables to add (-A) a rule to the INPUT table, for a particular interface (perhaps br1 in your case) then tells iptables to allow any source port and ip connections on destination port 23 (your server) through that port (-j ACCEPT).

iptables -A INPUT -i (name of your wan interface here - br1/eth1, etc.) --dport 23 -j ACCEPT

Improve this answer
2
  • 2
    Your answer would be lot better if you explain what the commands do instead of just posting the commands.
    – Sathyajith Bhat
    Commented Oct 20, 2015 at 6:10
  • @Sathya - Answer updated in reference to your comment.
    – Signal-to-Noise
    Commented Oct 20, 2015 at 13:59

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .