Here are the top few results of iptables --list:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere myrouter.dyn.optonline.net tcp dpt:webcache flags:SYN,RST,ACK/SYN
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
SECURITY all -- anywhere anywhere state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
And here are the results of iptables --list -t nat:
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere myrouter.dyn.optonline.net tcp dpt:www to:[router's actual ip]:8080
DROP tcp -- anywhere anywhere tcp dpt:webcache
VSERVER all -- anywhere myrouter.dyn.optonline.net
NETMAP udp -- anywhere myrouter.dyn.optonline.net udp spt:6112 192.168.1.0/24
I'm 100% sure busybox works because I can access my pages from WAN on a different port (8008) with that port forwarded in post-firewall as:
Code:
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -t nat -A PREROUTING -i -p tcp --dport 8008 -j DNAT --to-destination :8008
Busybox runs on my /opt/share/www directory of the USB hard drive.
Update: When I go to http://myrouteripaddress (which is the IP I get from whatismyip.com), I get the web page, but I know that when I ask people to visit the IP address, they get a "Page cannot be displayed" error. Do I have something in my post-firewall config mixed up?
Here's my post-firewall in its entirety:
Code:
#!/bin/sh
iptables -D INPUT -j DROP
#iptables -A INPUT -p tcp --dport 81 -j ACCEPT
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#iptables -t nat -I PREROUTING 1 -i $1 -p tcp --dport 80 -j DNAT --to-destination $2:81
iptables -t nat -I PREROUTING 1 -p tcp -d "$2" --dport 80 -j DNAT --to "$2":8080
iptables -t nat -D PREROUTING -i "$1" -p tcp --dport 80 -j DROP
iptables -t nat -I PREROUTING 2 -i "$1" -p tcp --dport 8080 -j DROP
iptables -I INPUT 1 -i "$1" -d "$2" -p tcp --syn --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p tcp --dport 1213 -j ACCEPT
iptables -A INPUT -p tcp --dport 1214 -j ACCEPT
iptables -A INPUT -p tcp --dport 3512 -j ACCEPT
iptables -A INPUT -p tcp --dport 56881:56889 -j ACCEPT
iptables -A INPUT -p tcp --dport 9387 -j ACCEPT
iptables -t nat -A PREROUTING -i -p tcp --dport 22 -j DNAT --to-destination :22
iptables -t nat -A PREROUTING -i -p tcp --dport 21 -j DNAT --to-destination :21
iptables -t nat -A PREROUTING -i -p tcp --dport 8008 -j DNAT --to-destination :8008
iptables -t nat -A PREROUTING -i -p tcp --dport 1213 -j DNAT --to-destination :1213
iptables -t nat -A PREROUTING -i -p tcp --dport 1214 -j DNAT --to-destination :1214
iptables -t nat -A PREROUTING -i -p tcp --dport 3512 -j DNAT --to-destination :3512
iptables -t nat -A PREROUTING -i -p tcp --dport 56881 -j DNAT --to-destination :56881
iptables -t nat -A PREROUTING -i -p tcp --dport 56882 -j DNAT --to-destination :56882
iptables -t nat -A PREROUTING -i -p tcp --dport 56883 -j DNAT --to-destination :56883
iptables -t nat -A PREROUTING -i -p tcp --dport 56884 -j DNAT --to-destination :56884
iptables -t nat -A PREROUTING -i -p tcp --dport 56885 -j DNAT --to-destination :56885
iptables -t nat -A PREROUTING -i -p tcp --dport 56886 -j DNAT --to-destination :56886
iptables -t nat -A PREROUTING -i -p tcp --dport 56887 -j DNAT --to-destination :56887
iptables -t nat -A PREROUTING -i -p tcp --dport 56888 -j DNAT --to-destination :56888
iptables -t nat -A PREROUTING -i -p tcp --dport 56889 -j DNAT --to-destination :56889
iptables -t nat -A PREROUTING -i -p tcp --dport 9387 -j DNAT --to-destination :3689
ip link set dev $1 qlen 30
iptables -A PREROUTING -t mangle -s 10.0.1.0/30 -j MARK --set-mark 6
/usr/local/sbin/wshaper start $1 3600 240
iptables -A INPUT -j DROP
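
A lint check for a pattern visible in the script above, where several rules have `-i` followed directly by `-p` and `--to-destination` starting with `:` (an added example, not part of the original post). The function names and the sample file are constructed for illustration, and reading those rules as the result of an empty `$1`/`$2` is an assumption.

```shell
#!/bin/sh
# Added example: flag iptables rules in a post-firewall script whose
# interface name or DNAT address is missing (assumed: $1/$2 expanded to
# nothing when the line was written).

# Print "<line>: <reason>" for every suspect, non-comment rule in file $1.
lint_post_firewall() {
    awk '
        /^[[:space:]]*#/ { next }      # commented-out rules are ignored
        !/iptables/      { next }
        {
            for (i = 1; i <= NF; i++) {
                # -i / -o must be followed by an interface, not an option
                if (($i == "-i" || $i == "-o") && (i == NF || $(i+1) ~ /^-/))
                    print NR ": " $i " has no interface name"
                # the DNAT target needs an address before the :port
                if (($i == "--to-destination" || $i == "--to") &&
                    (i == NF || $(i+1) ~ /^:/))
                    print NR ": " $i " has no destination address"
            }
        }
    ' "$1"
}

# Number of findings for file $1.
count_findings() { lint_post_firewall "$1" | wc -l | tr -d ' '; }

# Constructed sample: a few rule shapes taken from the script above.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#!/bin/sh
#iptables -t nat -I PREROUTING 1 -i $1 -p tcp --dport 80 -j DNAT --to-destination $2:81
iptables -t nat -I PREROUTING 1 -p tcp -d "$2" --dport 80 -j DNAT --to "$2":8080
iptables -I INPUT 1 -i "$1" -d "$2" -p tcp --syn --dport 8080 -j ACCEPT
iptables -t nat -A PREROUTING -i -p tcp --dport 8008 -j DNAT --to-destination :8008
EOF
    echo "$f"
}

sample=$(make_sample)
lint_post_firewall "$sample"
rm -f "$sample"
```

Run `lint_post_firewall /path/to/post-firewall` against the real script; every reported line is a rule to compare with `iptables -t nat -L -n -v` to see whether it was actually installed.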