<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">Hey, all. So I finally yanked my Comcast modem ("for reasons," largely having to do with lack of static routes), and put in my own cable modem, a WAP, and a RasPi-4 that's doing routing/NAT. It all works great. But... I have services exposed that I want to access on the public IP. It works *great* from out there, but if I try to access the public IP from my NATted network, no dice. And, sadly, if there's one Linux place where there's a truck-sized hole in my knowledge, it's IP Tables. I've googled the Interwebs to no avail on what magic IPTables stuff would be needed to make it work. Here's my current script:<br /><br /><span style="font-family: 'andale mono', monospace;">root@ubuntu:/usr/local/bin# cat start-NAT.sh </span><br /><span style="font-family: 'andale mono', monospace;">#!/bin/bash</span><br /><span style="font-family: 'andale mono', monospace;">export PUBLIC=eth1</span><br /><span style="font-family: 'andale mono', monospace;">export PRIVATE=eth0</span><br /><br /><span style="font-family: 'andale mono', monospace;">echo 1 > /proc/sys/net/ipv4/ip_forward</span><br /><span style="font-family: 'andale mono', monospace;">iptables -t nat -A POSTROUTING -o $PUBLIC -j MASQUERADE</span><br /><span style="font-family: 'andale mono', monospace;">iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m state --state RELATED,ESTABLISHED -j ACCEPT</span><br /><span style="font-family: 'andale mono', monospace;">iptables -A FORWARD -i $PRIVATE -o $PUBLIC -j ACCEPT</span><br /><br /><span style="font-family: andale mono, monospace;">=====================================================================================================</span><br /><span style="font-family: 'andale mono', monospace;">root@ubuntu:/usr/local/bin# cat start-port-forwarding.sh </span><br /><span 
style="font-family: 'andale mono', monospace;">#!/bin/bash</span><br /><br /><span style="font-family: 'andale mono', monospace;">export PRIVATE=eth0</span><br /><span style="font-family: 'andale mono', monospace;">export PRIV_IP=192.168.10.1</span><br /><span style="font-family: 'andale mono', monospace;">export PUBLIC=eth1</span></div>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">export JELLYFIN=192.168.10.12</div>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace"><br /><span style="font-family: 'andale mono', monospace;">iptables -A FORWARD -i $PUBLIC -o $PRIVATE -p tcp --syn --dport 8096 -m conntrack --ctstate NEW -j ACCEPT</span><br /><span style="font-family: 'andale mono', monospace;">iptables -A FORWARD -i $PUBLIC -o $PRIVATE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</span><br /><span style="font-family: 'andale mono', monospace;">iptables -A FORWARD -i $PRIVATE -o $PUBLIC -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</span><br /><span style="font-family: 'andale mono', monospace;">iptables -P FORWARD DROP</span><br /><span style="font-family: 'andale mono', monospace;">iptables -t nat -A PREROUTING -i $PUBLIC -p tcp --dport 8096 -j DNAT --to-destination $JELLYFIN</span><br /><span style="font-family: 'andale mono', monospace;">iptables -t nat -A POSTROUTING -o $PRIVATE -p tcp --dport 8096 -d $JELLYFIN -j SNAT --to-source $PRIV_IP<br />=====================================================================================================<br /></span>If anyone could be kind enough to let me know what extra magic(tm) I need to employ to get at my public IP from inside, I'd be most interested to hear.</div>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace"> </div>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">Thanks!</div>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace"> </div>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">-Ken</div>
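<div class="pre" style="margin: 0; padding: 0; font-family: monospace"><br />Added example, not part of the message above and not the poster's code: the hairpin (NAT loopback) rules this setup lacks, printed as a dry run so they can be reviewed before being applied. The public address 203.0.113.7 and the LAN prefix 192.168.10.0/24 are assumptions (the post gives neither); the interface names, server address and port come from the scripts in the post.</div>
<pre>
```shell
#!/bin/bash
# Added example, not from the original post. Prints (dry run) or applies the
# extra rules a LAN client needs to reach a port-forwarded service through
# the router's public IP. Assumed values: 203.0.113.7 (documentation address
# standing in for the real public IP) and 192.168.10.0/24 (LAN prefix).

# Dry run by default; call the script with IPT=iptables (as root) to apply.
IPT="${IPT:-echo iptables}"

hairpin_rules() {
    public_ip=$1; lan_net=$2; server=$3; port=$4; lan_if=$5; router_ip=$6

    # 1. The post's DNAT rule matches only "-i eth1". A LAN client's packet
    #    to the public IP arrives on eth0, so it is never rewritten. Add a
    #    DNAT rule keyed on the destination address, limited to LAN sources.
    $IPT -t nat -A PREROUTING -i "$lan_if" -s "$lan_net" -d "$public_ip" \
        -p tcp --dport "$port" -j DNAT --to-destination "$server"

    # 2. The FORWARD policy is DROP and no existing rule covers traffic
    #    entering and leaving on eth0. Allow only this service, plus the
    #    return half of connections conntrack already knows about.
    $IPT -A FORWARD -i "$lan_if" -o "$lan_if" -s "$lan_net" -d "$server" \
        -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -i "$lan_if" -o "$lan_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 3. Rewrite the source to the router so the server replies via the
    #    router instead of straight to the client, which would drop a reply
    #    from an address it never contacted. The broad SNAT rule in the post
    #    already has this effect; this one is scoped to LAN sources only.
    $IPT -t nat -A POSTROUTING -o "$lan_if" -s "$lan_net" -d "$server" \
        -p tcp --dport "$port" -j SNAT --to-source "$router_ip"
}

# Arguments: public IP, LAN prefix, server, port, LAN interface, router LAN IP
hairpin_rules 203.0.113.7 192.168.10.0/24 192.168.10.12 8096 eth0 192.168.10.1
```
</pre>
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">With a dynamic public address the rule in step 1 has to be regenerated whenever the address changes.</div>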
</body></html>