February 4, 2017
I am using UFW to protect my network. How do I forward TCP HTTP port # 80 and 443 to
an internal server hosted at 192.168.1.100:80 and 192.168.1.100:443 using UFW on
Ubuntu Linux server?
UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and
aims to provide an easy to use interface for the user. In this tutorial, you will learn how to
forward incoming traffic to your server running ufw on port 80/443 to port 80/443 on
another internal server hosted in your LAN/VLAN.
All request for 202.54.1.1 port 80 and 443 need to redirect to another internal server.
DNAT
If you have a server on your internal network that you want make available externally, you
can use the -j DNAT target of the PREROUTING chain in NAT to specify a destination IP
address and port where incoming packets requesting a connection to your internal service
can be forwarded. The syntax is:
1/3
OR
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d { PUBLIC_IP} --dport
443 -j DNAT --to {INTERNAL_IP}:443
*nat
:PREROUTING ACCEPT [0:0]
# forward 202.54.1.1 port 80 to 192.168.1.100:80
# forward 202.54.1.1 port 443 to 192.168.1.100:443
-A PREROUTING -i eth0 -d 202.54.1.1 -p tcp --dport 80 -j DNAT --to-destination
192.168.1.100:80
-A PREROUTING -i eth0 -d 202.54.1.1 -p tcp --dport 443 -j DNAT --to-destination
192.168.1.100:443
# setup routing
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
COMMIT
net.ipv4.ip_forward=1
This entry is 3 of 7 in the Uncomplicated Firewall (UFW) series. Keep reading the rest of
the series:
1. How to install UFW firewall on Ubuntu 16.04 LTS server
2/3
2. How to open ssh port using ufw on Ubuntu/Debian Linux
3. How to configure ufw to forward port 80/443 to internal server hosted on LAN
4. How to block an IP address with ufw on Ubuntu Linux server
5. How to limit SSH (TCP port 22) connections with ufw on Ubuntu Linux
6. How To: Ubuntu Linux Firewall Open Port Command Using UFW
7. How to open DNS port 53 using ufw on Ubuntu/Debian Linux
3/3