OK, what I wanted was to run a (second) webserver for the WAN side. My website must be stored on a USB stick and will be updated through Samba.
I found out what I was doing wrong. The main issue was that my post-firewall script missed #!/bin/sh on the first line.
Then, I found out how to check the iptables chains:
Code:
iptables --list -t nat
for checking the PREROUTING chain and for checking the INPUT chain.
With these commands I saw that (in my case) the rules were added to the bottom of the chain, where they are useless. So I added a 1 and 2 after the -I command to get them to the top of the chain. (I learned a lot on iptables here.)
The last problem I encountered was that starting busybox_httpd in post-boot on /tmp/harddisk, where I initially found my USB stick, does not work because this directory is not mapped at the time post-boot is executed. I mapped the USB stick to /mnt and finally I was ready.
Here are the files I use.
/etc/smb.conf:
Code:
[global]
workgroup=mygroup
guest account=nobody
security=share
browseable=yes
guest ok=yes
guest only=no
log level=1
max log size=100
encrypt passwords=yes
dns proxy=no
[fat32]
path=/mnt
writeable=yes
browseable=yes
force user=admin
/tmp/local/sbin/post-firewall:
Code:
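#!/bin/sh
# As used below: $1 = inbound interface, $2 = destination address of the router.
# Redirect port 80 on that address to the second web server on port 8080 (first rule in the chain).
/usr/sbin/iptables -t nat -I PREROUTING 1 -p tcp -d "$2" --dport 80 -j DNAT --to "$2":8080
# Remove the existing rule that drops port 80 arriving on that interface.
/usr/sbin/iptables -t nat -D PREROUTING -i "$1" -p tcp --dport 80 -j DROP
# Drop direct connections to port 8080 on that interface (second rule in the chain).
/usr/sbin/iptables -t nat -I PREROUTING 2 -i "$1" -p tcp --dport 8080 -j DROP
# Accept the redirected connections in the filter table.
/usr/sbin/iptables -I INPUT 1 -i "$1" -d "$2" -p tcp --syn --dport 8080 -j ACCEPT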
/tmp/local/sbin/post-boot:
Code:
#!/bin/sh
mount -t vfat /dev/scsi/host0/bus0/target0/lun0/part1 /mnt
/usr/sbin/smbd -D
/usr/sbin/nmbd -D
busybox_httpd -p 8080 -h /mnt
Note that I use -t vfat with the mount command. Before I added that, all the files I copied to my USB stick over Samba got short (8.3) filenames.
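
Added example, not part of the original post: a small shell check for the rule-ordering problem described above, which reads a listing in the format of `iptables -t nat -L PREROUTING -n --line-numbers` and reports which rule is the first to match a TCP port. The two listings, the address 203.0.113.5 and the function names are constructed for illustration, and the check compares the destination port only (interface and address matches are ignored).

```shell
#!/bin/sh
# Constructed sample: the DNAT rule sits below an earlier DROP for port 80,
# so the DROP decides the packet and the redirect never runs.
APPENDED='Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
2    DNAT       tcp  --  0.0.0.0/0            203.0.113.5          tcp dpt:80 to:203.0.113.5:8080
3    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080'

# Constructed sample: the chain after inserting at positions 1 and 2 and
# deleting the old port-80 DROP, as the post-firewall script does.
INSERTED='Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  0.0.0.0/0            203.0.113.5          tcp dpt:80 to:203.0.113.5:8080
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080'

# Print "<line number> <target>" of the first rule matching the given port.
# $1 = listing text, $2 = TCP destination port
first_target_for_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 ~ /^[0-9]+$/ {
            for (i = 3; i <= NF; i++)
                if ($i == ("dpt:" port)) { print $1, $2; exit }
        }'
}

# Succeed only if the first rule matching the port is a DNAT rule.
# $1 = listing text, $2 = TCP destination port
dnat_wins() {
    set -- $(first_target_for_port "$1" "$2")
    [ "$2" = "DNAT" ]
}

for name in APPENDED INSERTED; do
    eval "listing=\$$name"
    if dnat_wins "$listing" 80; then
        echo "$name: port 80 is redirected"
    else
        echo "$name: port 80 hits '$(first_target_for_port "$listing" 80)' first"
    fi
done
```

On a live router the listing text would come from the iptables command named above instead of the embedded samples.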