Iptables DNAT blocking firewall host
I have a machine where I manage the firewall using UFW. I have set up a few DNAT rules. It works well from the network but not at all from the server itself:
Server IP:
inet 10.0.4.4/23 brd 10.0.5.255 scope global br0
10.0.4.10 is an LXC host running on the same server, networked through a bridged network interface (br0).
/etc/ufw/before.rules:
*nat
:PREROUTING ACCEPT [0:0]
# HTTP
-A PREROUTING -d 10.0.4.4 -p tcp --dport 80 -j DNAT --to 10.0.4.10:80
-A PREROUTING -d 10.0.4.4 -p tcp --dport 443 -j DNAT --to 10.0.4.10:443
COMMIT
I can access the 10.0.4.10 lxc host from the network using the 10.0.4.4 IP, but not from the server itself:
# curl --head http://10.0.4.4
curl: (7) Failed to connect to 10.0.4.4 port 80: Connection refused
But it can access 10.0.4.10 directly:
# curl --head http://10.0.4.10
HTTP/1.1 200 OK
What have I done wrong?
iptables nat ufw loopback
asked Jun 22 at 3:39
Laurent
1012
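Locally generated packets traverse the nat table's OUTPUT chain and never pass through PREROUTING, so the rules in the question match connections arriving from the network but not connections opened on 10.0.4.4 itself. The following is an added example, not part of the original post: a Python check (function names are hypothetical) that reads iptables-restore style rules and lists the OUTPUT rules that would mirror each PREROUTING DNAT rule.

```python
import re

# Constructed sample: the nat table quoted in the question's /etc/ufw/before.rules.
BEFORE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
# HTTP
-A PREROUTING -d 10.0.4.4 -p tcp --dport 80 -j DNAT --to 10.0.4.10:80
-A PREROUTING -d 10.0.4.4 -p tcp --dport 443 -j DNAT --to 10.0.4.10:443
COMMIT
"""


def nat_rules(text):
    """Yield (chain, rule_spec) for every -A rule inside the *nat table."""
    table = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]          # start of a table block, e.g. *nat or *filter
        elif line == "COMMIT":
            table = None              # end of the current table block
        elif table == "nat":
            m = re.match(r"-A\s+(\S+)\s+(.*)", line)
            if m:
                yield m.group(1), " ".join(m.group(2).split())


def missing_output_rules(text):
    """Return OUTPUT rules that give local traffic the same DNAT as PREROUTING."""
    rules = list(nat_rules(text))
    have = {spec for chain, spec in rules if chain == "OUTPUT"}
    missing = []
    for chain, spec in rules:
        if chain != "PREROUTING" or not re.search(r"-j\s+DNAT\b", spec):
            continue
        # An input-interface match is not valid in OUTPUT; leave those for manual review.
        if re.search(r"(^|\s)(-i|--in-interface)\s", spec):
            continue
        if spec not in have:
            missing.append("-A OUTPUT " + spec)
    return missing


if __name__ == "__main__":
    for rule in missing_output_rules(BEFORE_RULES):
        print(rule)
```

The printed lines belong in the same `*nat` block of /etc/ufw/before.rules, before its COMMIT. The `-d 10.0.4.4` match they carry over keeps the redirect limited to connections addressed to the server's own IP.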