Unable to get PREROUTING DNAT rules working with CSF
Posted: 26 May 2015, 05:00
I've put my needed rules in csfpost.sh, used the full path to /sbin/iptables-restore in my case, and I can verify that my rules are in place after I start `csf -r`.
`iptables -t nat -L -v -n` tells me they are in.
My rules are:
```
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.5:80
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
```
In doubt, I have added 10.0.3.0/24 to csf.allow, but to no avail.
The odd thing is, if I iptables-restore my rules when csf is running, the port forwarding is not working.
After the 5 min limit in TESTING mode, forwarding is still not working, until I iptables-restore again. Then I get my forwarding back.
This leads me to think that there are other rules blocking the forward. So my setup should be good, and I'm just missing something somewhere to unblock my forwarding.
Experienced user, help welcome.
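The post suspects that rules outside the nat table block the forward: after DNAT in PREROUTING, a packet for 10.0.3.5 is routed through the filter table's FORWARD chain, which must accept it. The following is an added example, not part of the original post, that parses `iptables-save` text and lists DNAT targets FORWARD would not accept. The FORWARD DROP policy in the sample dumps and all function names are assumptions; FORWARD rules using matches other than `-d`, `-p` and `--dport` are skipped and need review by hand.

```python
import ipaddress
import shlex

UNDERSTOOD = {"-d", "-p", "-m", "--dport", "-j"}  # only matches this sketch evaluates

def parse_save(text):
    """iptables-save text -> {table: {"policy": {chain: policy}, "rules": [(chain, opts)]}}"""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and cur is not None:
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A ") and cur is not None:
            tok = shlex.split(line)[1:]  # tok[0] is the chain name
            opts = {t: (tok[i + 1] if i + 1 < len(tok) else "")
                    for i, t in enumerate(tok) if t.startswith("-") or t == "!"}
            cur["rules"].append((tok[0], opts))
    return tables

def forward_verdict(filt, proto, ip, port):
    """First-match verdict of filter FORWARD for one flow; unevaluable rules are skipped."""
    for chain, o in filt["rules"]:
        net = ipaddress.ip_network(o.get("-d", "0.0.0.0/0"), strict=False)
        if (chain == "FORWARD" and not set(o) - UNDERSTOOD and ipaddress.ip_address(ip) in net
                and o.get("-p", proto) == proto and o.get("--dport", port) == port
                and o.get("-j") in ("ACCEPT", "DROP", "REJECT")):
            return o["-j"]
    return filt["policy"].get("FORWARD", "ACCEPT")  # no rule matched: chain policy decides

def blocked_dnat(text):
    """DNAT targets whose forwarded packets filter FORWARD would not accept."""
    tables = parse_save(text)
    filt = tables.get("filter", {"policy": {}, "rules": []})
    blocked = []
    for chain, o in tables.get("nat", {"rules": []})["rules"]:
        if chain == "PREROUTING" and o.get("-j") == "DNAT":
            ip, _, port = o["--to-destination"].partition(":")
            verdict = forward_verdict(filt, o.get("-p", "tcp"), ip, port or o.get("--dport", ""))
            if verdict != "ACCEPT":
                blocked.append((o["--to-destination"], verdict))
    return blocked

# Constructed dumps: the post's nat rules plus an ASSUMED filter table (FORWARD policy DROP).
NAT = ("*nat\n-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.3.5:80\n"
       "-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE\nCOMMIT\n")
BLOCKED = NAT + "*filter\n:FORWARD DROP [0:0]\nCOMMIT\n"
ALLOWED = NAT + "*filter\n:FORWARD DROP [0:0]\n-A FORWARD -d 10.0.3.5/32 -p tcp --dport 80 -j ACCEPT\nCOMMIT\n"
```

On a live host, pass the full output of `iptables-save` to `blocked_dnat`; the check covers only the inbound direction, so reply traffic from 10.0.3.5 needs its own FORWARD rule.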