[Chilli] Port Forwarding With CoovaChilli

Russell Mike radius.sir at gmail.com
Fri Feb 22 07:02:15 UTC 2013


Thanks Jed,
CoovaChilli is my LAN gateway, therefore I need to do port mapping not
only for the web server but for many more services. Your idea would be the
last solution if nothing worked.
Thanks for your assistance anyway.
RM --

On Thursday, February 21, 2013, Jed Gainer wrote:

> I have always avoided this situation entirely by putting a router (
> routerboard.com) above Chilli and then putting said webserver "beside"
> the chilli server rather than behind it.
>
> I just don't see why you would want to manage a webserver with chilli.
>
>
> On Thu, Feb 21, 2013 at 8:05 AM, Russell Mike <radius.sir at gmail.com> wrote:
>
>> Hi List,
>>
>> Looking for advice because I have a requirement to enable port mapping
>> (port forwarding) from CoovaChilli's external IP to a web server on the LAN
>> side. I am a bit confused about how to do that. There are many iptables rules
>> created every time Coova starts, using *ipup.sh* under
>>
>> *Output: "/var/run/chilli.tun0.sh".*
>>
>> root@captive:~# cat /var/run/chilli.tun0.sh
>> iptables -D INPUT -i tun0 -p tcp -m tcp --dport 3100 --dst 192.168.10.10 -j ACCEPT
>> iptables -D INPUT -i tun0 -p tcp -m tcp --dport 4100 --dst 192.168.10.10 -j ACCEPT
>> iptables -D INPUT -i tun0 -p udp -d 255.255.255.255 --destination-port 67:68 -j ACCEPT
>> iptables -D INPUT -i tun0 -p udp -d 192.168.10.10 --destination-port 67:68 -j ACCEPT
>> iptables -D INPUT -i tun0 -p udp --dst 192.168.10.10 --dport 53 -j ACCEPT
>> iptables -D INPUT -i tun0 -p icmp --dst 192.168.10.10 -j ACCEPT
>> iptables -D INPUT -i tun0 --dst 192.168.10.10 -j DROP
>> iptables -D INPUT -i vlan10 -j DROP
>> iptables -D FORWARD -i vlan10 -j DROP
>> iptables -D FORWARD -o vlan10 -j DROP
>> iptables -D FORWARD -i tun0 -j ACCEPT
>> iptables -D FORWARD -o tun0 -j ACCEPT
>> iptables -D FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>> iptables -D FORWARD -t mangle -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>> iptables -D FORWARD -i tun0 ! -o eth0 -j DROP
>> iptables -D FORWARD -i tun0 -o eth0 -j ACCEPT
>>
>> *Scenario:*
>> Web_Server on LAN has: 192.168.10.10. Someone wants remote desktop to this
>> server when hitting the external IP for CoovaChilli, *WAN: 41.222.34.72*.
>>
>> I am confused about whether the rules created by Coova will interfere with
>> incoming traffic from the WAN interface to the LAN side. I cannot understand
>> whether I should add new rules in *"ipup.sh"*, or how.
>>
>> Note: It is Ubuntu 12.4LTS; the default firewall is off (ufw disabled), except
>> that Chilli creates some rules.
>>
>> thanks everyone for attending to my request.
>>
>> Regards --RM
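An added example, not part of the original thread and not CoovaChilli's own code: a dry-run generator for the port-forward rules the question asks about, printing the rules to add and the matching `-D` teardown lines in the style of `/var/run/chilli.tun0.sh`. The `eth0`/`tun0` roles, RDP on tcp/3389, the function names and the source range `203.0.113.0/24` are assumptions.

```shell
# Added example: prints (does not execute) DNAT port-forward rules.
# Assumed: eth0 = WAN, tun0 = Chilli side, RDP = tcp/3389,
# 203.0.113.0/24 = constructed admin source range.
valid_port() {   # decimal integer 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # four dot-separated octets, each 0-255
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gen_portfwd ACTION WAN_IF LAN_IF WAN_IP PROTO WAN_PORT LAN_IP LAN_PORT SRC_CIDR
# ACTION: "up" emits rules to add, "down" emits the matching deletions.
gen_portfwd() {
    [ "$#" -eq 9 ] || { echo "usage: 9 arguments required" >&2; return 2; }
    action=$1 wan_if=$2 lan_if=$3 wan_ip=$4 proto=$5
    wan_port=$6 lan_ip=$7 lan_port=$8 src=$9
    case "$action" in
        up)   nat_op=-A; fwd_op=-I ;;
        down) nat_op=-D; fwd_op=-D ;;
        *)    echo "bad action: $action" >&2; return 2 ;;
    esac
    case "$proto" in tcp|udp) ;; *) echo "bad proto" >&2; return 2 ;; esac
    valid_ipv4 "$wan_ip" && valid_ipv4 "$lan_ip" ||
        { echo "bad address" >&2; return 2; }
    valid_port "$wan_port" && valid_port "$lan_port" ||
        { echo "bad port" >&2; return 2; }
    # Source must be ADDR/PREFIX with prefix 1-32, so 0.0.0.0/0 is refused.
    case "$src" in */*) ;; *) echo "bad source" >&2; return 2 ;; esac
    valid_ipv4 "${src%/*}" && valid_port "${src#*/}" &&
        [ "${src#*/}" -le 32 ] || { echo "bad source" >&2; return 2; }
    # 1) Rewrite the destination of matching WAN traffic to the LAN host.
    echo "iptables -t nat $nat_op PREROUTING -i $wan_if -s $src -d $wan_ip" \
         "-p $proto --dport $wan_port -j DNAT --to-destination $lan_ip:$lan_port"
    # 2) Allow the rewritten flow through FORWARD (post-DNAT address and port).
    echo "iptables $fwd_op FORWARD -i $wan_if -o $lan_if -s $src -d $lan_ip" \
         "-p $proto --dport $lan_port -j ACCEPT"
}

# The scenario from the post: RDP on the WAN address to the LAN server.
gen_portfwd up   eth0 tun0 41.222.34.72 tcp 3389 192.168.10.10 3389 203.0.113.0/24
gen_portfwd down eth0 tun0 41.222.34.72 tcp 3389 192.168.10.10 3389 203.0.113.0/24
```

The output is meant to be reviewed before it is placed in a startup hook; the source restriction sits in the PREROUTING rule, so traffic from other addresses is never rewritten toward the LAN host.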