NAT, iptables and problematic ports
- by Rajie
I am building a small office network with virtual machines. My schema is this:
Computer A: gateway, ip 1.1.1.1, iptables used for NAT [eth0=public internet dhcp, dhcp; eth1=gateway]
Computer B: client, ip 1.1.1.2, using gateway from Computer A.
NAT is working, and Computer B can access the internet using the A's gateway. I redirected some incoming ports from A to B (for instance, if A receives a request to port 80, it goes automatically to Computer B's Apache).
The thing is that I do not really understand how to open/close ports for Computer B from Computer A. I know how to close a port:
iptables -A INPUT -p tcp --dport 80 -j DROP
And it will refuse all incoming (not output) connections to port 80. However, this works for main interface eth0. I tried to, for instance, drop ingoing and outgoing connections for Computer B, port 80:
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j DROP
iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport 80 -j DROP
But it does not work. And I cannot figure out what I am doing wrong. Any clue?