
How to configure ufw to forward port 80/443 to internal server hosted on LAN


cyberciti.biz/faq/how-to-configure-ufw-to-forward-port-80443-to-internal-server-hosted-on-lan

February 4, 2017

I am using UFW to protect my network. How do I forward TCP port 80 (HTTP) and port 443 (HTTPS) to
an internal server hosted at 192.168.1.100:80 and 192.168.1.100:443 using UFW on an
Ubuntu Linux server?

UFW is an acronym for Uncomplicated Firewall. It is used for managing a Linux firewall and
aims to provide an easy-to-use interface for the user. In this tutorial, you will learn how to
forward incoming traffic that arrives on port 80/443 of your server running ufw to port 80/443 on
another internal server hosted in your LAN/VLAN.

Our sample setup


Let us say you want to forward requests going to {80,443} on the ufw host to a server listening on
192.168.1.100:{80,443}:

Fig.01: How to configure ufw to redirect http traffic to another IP:port

All requests for 202.54.1.1 port 80 and 443 need to be redirected to the internal server. In this
setup the ufw host holds the public address 202.54.1.1 on eth0 and a second interface on the
192.168.1.0/24 LAN. The rules below rewrite only the destination address, so the internal server
sees the real client source address and sends its replies to that address; 192.168.1.100 must
therefore use the ufw host as its default gateway, otherwise the replies bypass the NAT and the
connection never completes.

DNAT
If you have a server on your internal network that you want to make available externally, you
can use the -j DNAT target in the PREROUTING chain of the nat table to specify the destination IP
address and port to which incoming packets requesting a connection to your internal service
are forwarded. The syntax is:

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d {PUBLIC_IP} --dport 80 -j DNAT --to {INTERNAL_IP}:80
OR
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d {PUBLIC_IP} --dport 443 -j DNAT --to {INTERNAL_IP}:443

Matching on both the ingress interface (-i eth0) and the public address (-d) keeps the rule from
rewriting packets that arrive on the LAN side or that are addressed to another IP on the host.

Postrouting and IP Masquerading

To allow LAN nodes with private IP addresses to communicate with external public
networks, configure the firewall for IP masquerading, which rewrites the source address of requests
from LAN nodes to the IP address of the firewall's external device such as eth0. The syntax is:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
OR
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
The second form is narrower: it masquerades only traffic from the LAN subnet that is leaving the
subnet, so LAN-to-LAN traffic is left alone and the DNAT'd inbound connections keep the original
client source address.

How to configure ufw to setup a port forward


You need to edit the /etc/ufw/before.rules file, enter:
$ sudo vi /etc/ufw/before.rules
Next configure ufw to redirect http traffic to another (LAN) IP:port. At the top of the file, before
the *filter line, add:

*nat
:PREROUTING ACCEPT [0:0]
# forward 202.54.1.1 port 80 to 192.168.1.100:80
# forward 202.54.1.1 port 443 to 192.168.1.100:443
-A PREROUTING -i eth0 -d 202.54.1.1 -p tcp --dport 80 -j DNAT --to-destination
192.168.1.100:80
-A PREROUTING -i eth0 -d 202.54.1.1 -p tcp --dport 443 -j DNAT --to-destination
192.168.1.100:443
# setup routing
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
COMMIT

Save and close the file. Edit /etc/sysctl.conf:


$ sudo vi /etc/sysctl.conf
Set/edit as follows:

net.ipv4.ip_forward=1

Save and close the file. Reload changes:


$ sudo sysctl -p
Finally, restart the firewall to load the nat table:
$ sudo systemctl restart ufw
(sudo ufw reload also re-reads before.rules.)
Make sure the forwarded ports are allowed. Packets rewritten by DNAT in PREROUTING are routed on
to 192.168.1.100 and pass through the FORWARD chain, not INPUT, and ufw drops forwarded traffic by
default (DEFAULT_FORWARD_POLICY="DROP" in /etc/default/ufw). A plain ufw allow rule only opens
the INPUT chain, so open the forwarded path with ufw route allow instead:
$ sudo ufw route allow proto tcp from any to 192.168.1.100 port 80
$ sudo ufw route allow proto tcp from any to 192.168.1.100 port 443
Verify new settings:
$ sudo ufw status
$ sudo iptables -t nat -L -n -v
Finally, make sure your domain has a DNS A record pointing to 202.54.1.1.
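The whole procedure, from the DNAT/MASQUERADE rules through the before.rules edit and the final check, as an added POSIX sh helper that is not part of the original article and not code from cyberciti.biz or the ufw project. It generates the *nat block for any list of ports (the article shows 80 and 443), splices it into a before.rules file ahead of the *filter section and refuses to duplicate it on a second run, and parses "iptables -t nat -S PREROUTING" output to confirm each expected DNAT rule is present. The addresses are the article's sample values; the function names, the "apply" argument and the scratch-file handling are this example's own assumptions.

```shell
#!/bin/sh
# Added example for this article (not code from cyberciti.biz or the ufw
# project). It generates the *nat block shown above for any port list, splices
# it into a before.rules file ahead of the *filter section without duplicating
# it on a second run, and checks "iptables -t nat -S PREROUTING" output for the
# expected DNAT rules. The addresses are the article's sample values; the
# function names, the "apply" argument and the scratch-file handling are this
# example's own assumptions.

# gen_nat_block IFACE PUBLIC_IP INTERNAL_IP LAN_CIDR PORT [PORT...]
# Print the nat table in iptables-restore syntax, as used by /etc/ufw/before.rules.
gen_nat_block() {
    iface=$1
    pub=$2
    int=$3
    lan=$4
    shift 4
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n'
    for port in "$@"; do
        printf '# forward %s port %s to %s:%s\n' "$pub" "$port" "$int" "$port"
        printf '%s\n' "-A PREROUTING -i $iface -d $pub -p tcp --dport $port -j DNAT --to-destination $int:$port"
    done
    # Masquerade only LAN-originated traffic that leaves the LAN; the DNAT'd
    # inbound connections keep the real client source address.
    printf '%s\n' "-A POSTROUTING -s $lan ! -d $lan -j MASQUERADE" "COMMIT"
}

# splice_nat_block FILE  (nat block on stdin)
# Insert the block before the first "*filter" line of FILE. Refuse to touch a
# file that already carries a *nat table, so re-running the script is safe.
splice_nat_block() {
    file=$1
    block=$(cat)
    if grep -q '^\*nat' "$file"; then
        echo "refusing: $file already has a *nat table" >&2
        return 1
    fi
    if awk -v block="$block" '
            !done && /^\*filter/ { print block; print ""; done = 1 }
            { print }
            END { exit done ? 0 : 2 }' "$file" > "$file.tmp"; then
        mv "$file.tmp" "$file"
    else
        rm -f "$file.tmp"
        echo "refusing: no *filter section found in $file" >&2
        return 1
    fi
}

# check_dnat INTERNAL_IP PORT [PORT...]  (iptables -t nat -S PREROUTING on stdin)
# Return 1 unless every port has a DNAT rule to INTERNAL_IP:PORT.
check_dnat() {
    int=$1
    shift
    rules=$(cat)
    rc=0
    for port in "$@"; do
        if printf '%s\n' "$rules" | grep -q -- "--dport $port .*-j DNAT --to-destination $int:$port\$"; then
            echo "ok: tcp/$port -> $int:$port"
        else
            echo "MISSING: tcp/$port -> $int:$port" >&2
            rc=1
        fi
    done
    return $rc
}

# Run as root on the gateway with "apply" to perform the article's steps.
# Forwarded packets traverse the FORWARD chain, which ufw drops by default, so
# the path is opened with "ufw route allow" rather than a plain "ufw allow".
if [ "${1:-}" = "apply" ]; then
    gen_nat_block eth0 202.54.1.1 192.168.1.100 192.168.1.0/24 80 443 \
        | splice_nat_block /etc/ufw/before.rules
    sysctl -w net.ipv4.ip_forward=1   # persist it in /etc/sysctl.conf as above
    ufw route allow proto tcp from any to 192.168.1.100 port 80
    ufw route allow proto tcp from any to 192.168.1.100 port 443
    ufw reload
    iptables -t nat -S PREROUTING | check_dnat 192.168.1.100 80 443
fi
```

Without the "apply" argument the script only defines the three functions, so it can be sourced and exercised against a copy of before.rules before touching the live firewall. check_dnat matches on the exact "--to-destination IP:port" tail of each rule, so a rule that forwards to the wrong host or port is reported as missing rather than silently accepted.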

This entry is 3 of 7 in the Uncomplicated Firewall (UFW) series. Keep reading the rest of
the series:
1. How to install UFW firewall on Ubuntu 16.04 LTS server
2. How to open ssh port using ufw on Ubuntu/Debian Linux
3. How to configure ufw to forward port 80/443 to internal server hosted on LAN
4. How to block an IP address with ufw on Ubuntu Linux server
5. How to limit SSH (TCP port 22) connections with ufw on Ubuntu Linux
6. How To: Ubuntu Linux Firewall Open Port Command Using UFW
7. How to open DNS port 53 using ufw on Ubuntu/Debian Linux


Posted by: Vivek Gite


The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a
trainer for the Linux operating system/Unix shell scripting.

