Hi, I'm rather new to ClearOS and the more I read the more I think I made a good decision to use it as a firewall/gateway for my (really) small business network.
I installed ClearOS 6.2 and started to set it up as an inline transparent services platform. As such, I have already set up the network configuration so that all the services are available to users and set up network bridging, and access to the Internet from the workstations connected to the network works fine.
However, I've been having some issues with port forwarding since I need to allow access from outside the network to certain boxes.
I've tried configuring it from the web administrator and from the command line, and I seem to be doing something wrong. When consulted, the firewall page states that access on ports 22 and 81 is open (obviously).
Code:
SSH SSH TCP 22
webconfig Webconfig TCP 81
When I set up a port forwarding rule in the web administrator (for example, TCP access to 192.168.X.X:80), it is created and shows as if it were working, but it doesn't. In fact, when I try to configure /etc/sysconfig/iptables and /etc/clearos/firewall.conf manually, the rules still don't work, nor do they show up when I run iptables -L -n -v.
Contents of /etc/clearos/firewall.conf
Code:
RULES="\
HTTP||0X00000008|6|192.168.1.151|80|80 \
SSH||0X10000001|6||22| \
Test_Web_Services||0x10000008|6|192.168.1.151||12320:12322 \
tempserver||0x10000008|6|192.168.0.151|80|80 \
webconfig||ox10000001|6||81| \
#vim: ts=4 syntax=sh
MODE="trustedgateway"
EXTIF="br0"
LANIF="br0"
Contents of /etc/sysconfig/iptables
Code:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 81 -j ACCEPT
# These have been tried with all possible combinations of the NICs
-A POSTROUTING -o eth1 -j SNAT --to-source:192.168.0.150
-I PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.151
-A FORWARD -i eth0 -i eth1 -d 192.168.0.151 -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
As I said, iptables -L -n -v doesn't show anything, except for one time, for a few seconds, when it showed all the configurations that were running. Connections on ports 81 and 22 are working well, but I don't know what I'm doing wrong.
I have already tried removing the rules that open the ports, and several alternative configurations with the same structure, but I get nowhere. Any ideas?
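An added check, not from the original post or from ClearOS, for the layout mistakes a hand-edited /etc/sysconfig/iptables like the one above can contain: iptables-restore needs a `*filter`/`*nat` header and a `COMMIT` for each table, DNAT/SNAT rules only load under `*nat`, and plain `iptables -L` lists the filter table only, so nat rules are listed by `iptables -t nat -L -n -v`. The interface roles in the corrected sample (eth0 = WAN, eth1 = LAN) are assumptions, not taken from the post.

```python
# Constructed sample mirroring the posted fragment (trimmed); runs offline.
POSTED = """\
:FORWARD ACCEPT [0:0]
-A POSTROUTING -o eth1 -j SNAT --to-source:192.168.0.150
-I PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.151
-A FORWARD -i eth0 -i eth1 -d 192.168.0.151 -p tcp --dport 80 -j ACCEPT
COMMIT
"""
# Same forward laid out for iptables-restore (eth0 = WAN, eth1 = LAN assumed).
FIXED = """\
*nat
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.151:80
-A POSTROUTING -o eth1 -j SNAT --to-source 192.168.0.150
COMMIT
*filter
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 192.168.0.151 -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
NAT_CHAINS = {"PREROUTING", "POSTROUTING"}
NAT_TARGETS = {"DNAT", "SNAT", "MASQUERADE", "REDIRECT"}

def lint(text):
    """Layout errors that make iptables-restore fail or leave nat rules unloaded."""
    findings, table, header_warned = [], None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # *filter / *nat opens a table
            table = line[1:]
            continue
        if line == "COMMIT":              # closes the current table
            table = None
            continue
        if table is None and not header_warned:
            findings.append((n, "line before any *table header"))
            header_warned = True
        tok = line.split()
        if tok[0] not in ("-A", "-I"):    # chain policy line such as :FORWARD
            continue
        target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
        if (tok[1] in NAT_CHAINS or target in NAT_TARGETS) and table != "nat":
            findings.append((n, f"{tok[1]}/{target} belongs under *nat"))
        if tok.count("-i") > 1:
            findings.append((n, "-i given twice; the outgoing interface is -o"))
        if "--to-source:" in line or "--to-destination:" in line:
            findings.append((n, "':' glued to --to-source/--to-destination"))
    return findings
```

Running `lint(POSTED)` reports the missing table header, the two nat rules sitting outside `*nat`, the `--to-source:` typo and the doubled `-i`, while `lint(FIXED)` returns an empty list.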
