
I'm trying to perform a Local Port Forwarding using SSH tunneling.

Machine 1: the rules of iptables are:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Machine 2: ssh server (sshd) accepting traffic from port 22.

SSH command:

ssh lub2@10.0.2.6 -L 8080:209.188.89.221:80

Where: 209.188.89.221 is a random HTTP webpage, 10.0.2.6 is the IP of Machine 2 (and lub2 the username)

This way I should be able to access the webpage (209.188.89.221) using http://127.0.0.1:8080 as a URL (from Machine 1), but it just keeps loading and shows no result.

In brief, if I open all the ports on Machine 1, the port forwarding works, but when I open just port 22 (and all the others are closed) it does not. Do you have an explanation?

Cheers

Addon

1 Answer


Your OUTPUT chain drops packets to all ports except 80. When you are loading the webpage at http://127.0.0.1:8080, its destination is port 8080, which is not allowed in the OUTPUT chain.

You can allow all traffic from/to localhost with these lines:

iptables -I INPUT 1 -i lo -j ACCEPT
iptables -I OUTPUT 1 -o lo -j ACCEPT

This does not affect the external security of your computer.

Tero Kilkanen
  • Thanks, but what does the "0" after INPUT and OUTPUT stand for? When entering this command I get an error: "invalid rule number 0" – Addon Jul 19 '16 at 12:28
  • It means the position to use when inserting the rules to the chains. I forgot that iptables numbering starts from 1, not from 0. I fixed the answer. I am using the "insert at position" format of iptables, because one wants these rules to be first in the chains. – Tero Kilkanen Jul 19 '16 at 12:30
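The following is an added example, not code from the question or the answer: a small Python model of how iptables walks a chain (rules are tried in order, the first match decides, and the chain policy applies only when nothing matched). It replays the OUTPUT chain listed in the question (policy DROP, a single ACCEPT for tcp dpt:ssh) against three packets that leave Machine 1: the browser's connection to the ssh -L listener on 127.0.0.1:8080, the SSH session to 10.0.2.6:22, and a direct connection to 209.188.89.221:80 that bypasses the tunnel. It then inserts the answer's `-o lo -j ACCEPT` rule at position 1 and re-evaluates, and it also reproduces the "invalid rule number 0" error from the comments. The interface names `lo` and `eth0` are assumptions (the question does not name them), and nothing here touches the real netfilter tables.

```python
"""Toy model of iptables chain evaluation (first matching rule wins, otherwise
the chain policy applies). Added example; the real iptables is not involved."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Packet:
    proto: str       # "tcp", "udp", ...
    out_iface: str   # outgoing interface as the OUTPUT chain sees it (-o)
    dst: str         # destination address (informational only here)
    dport: int       # destination port


@dataclass
class Rule:
    target: str                       # "ACCEPT" or "DROP"
    proto: Optional[str] = None       # None = any protocol (-p)
    out_iface: Optional[str] = None   # None = any interface (-o)
    dport: Optional[int] = None       # None = any port (--dport)

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.out_iface is None or self.out_iface == pkt.out_iface)
                and (self.dport is None or self.dport == pkt.dport))


@dataclass
class Chain:
    policy: str                       # verdict used when no rule matches
    rules: List[Rule] = field(default_factory=list)

    def insert(self, position: int, rule: Rule) -> None:
        """Models `iptables -I CHAIN position ...`; positions are 1-based."""
        if position < 1 or position > len(self.rules) + 1:
            raise ValueError(f"invalid rule number {position}")
        self.rules.insert(position - 1, rule)

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:       # rules are checked top to bottom
            if rule.matches(pkt):
                return rule.target    # first match decides
        return self.policy            # nothing matched: policy applies


def machine1_output_chain() -> Chain:
    """The OUTPUT chain from the question: policy DROP plus one ACCEPT for
    tcp dpt:22 (which `iptables -L` prints as 'ssh')."""
    chain = Chain(policy="DROP")
    chain.rules.append(Rule("ACCEPT", proto="tcp", dport=22))
    return chain


# Packets leaving Machine 1. Interface names are assumptions: "lo" for the
# loopback, "eth0" for the LAN side; the question does not name them.
BROWSER_TO_TUNNEL = Packet("tcp", "lo", "127.0.0.1", 8080)   # http://127.0.0.1:8080
SSH_TO_MACHINE2 = Packet("tcp", "eth0", "10.0.2.6", 22)      # the ssh -L session
DIRECT_HTTP = Packet("tcp", "eth0", "209.188.89.221", 80)    # bypassing the tunnel


def verdicts(chain: Chain) -> dict:
    return {
        "browser_to_tunnel": chain.verdict(BROWSER_TO_TUNNEL),
        "ssh_to_machine2": chain.verdict(SSH_TO_MACHINE2),
        "direct_http": chain.verdict(DIRECT_HTTP),
    }


def before_fix() -> dict:
    """Verdicts with the chain exactly as listed in the question."""
    return verdicts(machine1_output_chain())


def after_fix() -> dict:
    """Verdicts after `iptables -I OUTPUT 1 -o lo -j ACCEPT` from the answer."""
    chain = machine1_output_chain()
    chain.insert(1, Rule("ACCEPT", out_iface="lo"))
    return verdicts(chain)


def insert_at_zero_fails() -> bool:
    """Replays the comment thread: numbering starts at 1, so position 0 is rejected."""
    try:
        machine1_output_chain().insert(0, Rule("ACCEPT", out_iface="lo"))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("before:", before_fix())
    print("after: ", after_fix())
    print("-I OUTPUT 0 rejected:", insert_at_zero_fails())
```

Running it shows the browser's connection to 127.0.0.1:8080 falling through to the DROP policy before the fix and matching the new loopback rule afterwards, while the SSH session is accepted in both cases and the direct connection to port 80 on the LAN interface stays dropped, which is the sense in which the loopback rule leaves external exposure unchanged. The same model could be pointed at the INPUT chain, but with its policy ACCEPT nothing there was blocking the tunnel.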