I am trying to set up ipfire for the first time and cannot get port forwarding to work. I’m using the i586 version 2.27 core 159. It’s on a bare metal machine with two NICs, red (192.168.1.3) and green (192.168.0.86). I have a separate test machine, call it T (192.168.1.15). I also have a web server, call it W (192.168.0.212).
I have a single firewall rule: source is ANY, Destination NAT with Firewall interface automatic, destination 192.168.0.212, Protocol TCP and Destination port 80. I have added the rule and applied changes.
Test 1. On T, execute wget http://192.168.1.3. The response is
Connecting to 192.168.1.3:80…
indefinitely. The firewall log shows a DNAT and several FORWARDFW entries to the correct address at 192.168.0.212.
Test 2. On the ipfire machine, from the console, execute wget http://192.168.0.212. The response, as expected, is
Connecting to 192.168.0.212:80…connected.
HTTP request sent, awaiting response… 403 Forbidden
It seems like the forwarding part works based on the FORWARDFW entries, but any response appears to get lost. I suppose I could run tcpdump on the webserver to see if any traffic arrives there.
I’m sure I’m being dumb but having tried again and again, even reinstalling ipfire, I still can’t get it to work. What am I doing wrong, please?
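The tcpdump check suggested in the post, as an added example that is not part of the original post: it reads the text output of a capture taken on the web server W and reports how far the TCP handshake for the forwarded connection gets. It assumes the capture was made with something like tcpdump -nn -i <interface> tcp port 80 (the interface name is a placeholder); the function name, verdict strings and sample capture lines are constructed for illustration.

```python
import re

# Matches tcpdump -nn TCP lines: "... IP src.sport > dst.dport: Flags [S], ..."
TCP_LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]*)\]"
)

def diagnose(capture, server="192.168.0.212", port=80):
    """Say where the handshake to server:port stalls, from a capture taken on the server."""
    syn_seen, synack_sent, completed = set(), set(), set()
    for line in capture.splitlines():
        m = TCP_LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == server and int(dport) == port:
            client = (src, sport)
            if flags == "S":
                syn_seen.add(client)
            elif client in synack_sent and "S" not in flags and "R" not in flags:
                completed.add(client)      # client answered the SYN-ACK
        elif src == server and int(sport) == port and flags == "S.":
            synack_sent.add((dst, dport))
    if not syn_seen:
        return "no-syn"            # forwarded packets never reach the server
    if completed:
        return "established"       # handshake finishes; look above TCP
    if not synack_sent:
        return "no-synack"         # server got the SYN but sent no reply on this interface
    return "synack-unanswered"     # server replied; the reply is lost on the way back

# Constructed sample captures (not taken from the original post).
ONLY_SYN = """\
12:00:01.000000 IP 192.168.1.15.51514 > 192.168.0.212.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 192.168.1.15.51514 > 192.168.0.212.80: Flags [S], seq 1, win 64240, length 0
"""
REPLY_LOST = """\
12:00:01.000000 IP 192.168.1.15.51514 > 192.168.0.212.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000100 IP 192.168.0.212.80 > 192.168.1.15.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:02.000000 IP 192.168.1.15.51514 > 192.168.0.212.80: Flags [S], seq 1, win 64240, length 0
12:00:02.000100 IP 192.168.0.212.80 > 192.168.1.15.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
"""
ESTABLISHED = """\
12:00:01.000000 IP 192.168.1.15.51514 > 192.168.0.212.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000100 IP 192.168.0.212.80 > 192.168.1.15.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.000300 IP 192.168.1.15.51514 > 192.168.0.212.80: Flags [.], ack 10, win 502, length 0
"""
```

A "synack-unanswered" result while wget on T still hangs at "Connecting" means the next capture to take is on the firewall's green interface, to see whether W's replies come back through it.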