SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001555: Port forwarding port 80 from RED to any internal zone doesn't work - MantisBT Endian Bugtracker
Endian Issue Tracker

Please see now our new Bugtracker system: JIRA

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001555Endian FirewallFirewall (iptables)public2009-02-08 23:162010-03-12 14:52
Assigned Topeter-endian 
StatusclosedResolutionunable to reproduce 
PlatformOSOS Version
Product Version2.2-rc3 
Target VersionFixed in Version 
Summary0001555: Port forwarding port 80 from RED to any internal zone doesn't work
DescriptionI've been using Endian 2.2rc3 for some time now and I must say you guys have done a very good job, specially in terms of features and usability. Congratulations!

Although I never had problems with Endian, now I had to set up a port forwarding for an internal webserver that MUST listen at port 80 on the RED zone and my problems started... although the forwarding rule is created without trouble, the port forwarding from RED port 80 to any other internal port (have tried both green and orange zones) doesn't work. If the port forwarding is set up with any port other than 80 at the red interface it works fine, but specifically with port 80 the connection never happens.

Initially I suspected that port 80 could be internally used by some other service, as we can see in the Firewall-->system access-->show rules of system services. By manually changing the port to 82 in /etc/firewall/inputfw/apache.conf I was able to move the admin web interface to port 82 in the green interface. Anyway, the port forwarding continues not working from RED port 80. The outgoing firewall is disabled, as well as the interzone firewall and the HTTP proxy.

I'd be very pleased if someone could help us a bit, as nothing else seems to work.

Thank you!
TagsNo tags attached.
Attached Files

- Relationships
child of 0001927confirmed Reports to be checked - collecting ticket 

-  Notes
junniox (reporter)
2009-02-09 20:38

I also use the Endian Firewall Community 2.2RC3 and had no problems with port forwarding.
I created a new rule in Firewall>> Port forwarding / NAT to redirect all requests to the red zone, port 80 to the IP address of my Web server on the same port 80 (if the port that my Web server listens)

Get answer to the firewall of your Web server, it may be blocking the port 80.
In my case, use the Ubuntu 8.10 and the firewall of the Web server is configured to accept all requests to port 80. (For ease of setup I installed Firestarter, it is easy to use and very efficient, a good front end for iptables)

Once released to port 80 (or the configured port) of your web server use the command nmap any Linux computer connected to the same network to test the status of port:

nmap -p <port> <Web server IP>

the status must be OPEN

The second test is on port 80 of the uplink:

nmap-p 80 <uplink IP>

The status should be OPEN

OK, now go to your web browser and type http://<uplink [^] IP>

A request coming from the Internet on port 80 (http) and it stops at the EFW forwards this request to your webserver, the port configured for you.

You can control who has access to the service via http EFW, for example, you can allow http access to your webserver only one IP address, network, etc..

I hope I have helped you.

Big hug from a brazillian friend.

P.S.: Congratulations to all the team of EFW Community, hard work = best results!
chffelix (reporter)
2009-02-12 01:18
edited on: 2009-02-12 01:23

Hi Junniox!

Thanks for your prompt help! Before I open this bug, I had tried isolating the red zone into a separate network segment where I had a notebook to nmap it from the outside, but port 80 was never showing up. If I forwarded any other port (81 or whatever else) it would work just fine, show up in nmap and everything.. very weird! I suspect there might be some hidden issue related to zones other than green, since I restarted from scratch and just forwarded port 80 to a machine in the green zone and it worked (?!). I also had a lot of trouble with proxy not working at all, I had it set up transparent in the green zone and authenticated in the blue zone, but nothing really got blocked, in spite of leaving the rules set to content filter all the time and having some test sites blocked.

I really don't know what happened that day.. guess it was "murphy's law" in action, since my client was right there watching everything go wrong without any reasonable explanation.. hehe. I will now try adding another zone to see if I can reproduce the problem.. since that day I did it many times starting with multiple zones and the behavior was consistently wrong.

Thank you again for your help, I'll keep you updated of any progress/regression on this.

- Issue History
Date Modified Username Field Change
2009-02-08 23:16 chffelix New Issue
2009-02-08 23:16 chffelix Assigned To => peter-endian
2009-02-09 20:38 junniox Note Added: 0001949
2009-02-12 01:18 chffelix Note Added: 0001956
2009-02-12 01:23 chffelix Note Edited: 0001956
2009-06-10 12:53 peter-endian Relationship added child of 0001927
2010-03-12 14:52 ra-endian Status new => closed
2010-03-12 14:52 ra-endian Resolution open => unable to reproduce

Copyright © 2005-2008 Endian, SRL. All rights reserved.

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker