How to configure ufw to forward port 80/443 to internal server hosted on LAN

Here’s how you can configure ufw to forward port 80 (HTTP) and 443 (HTTPS) to an internal server hosted on the local area network (LAN):

  1. First, make sure that ufw is installed:
    sudo apt-get install ufw
  2. Enable the firewall:
    sudo ufw enable
  3. Allow incoming traffic on ports 80 and 443:
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
  4. Configure port forwarding using the following commands:
    sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
    sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.10:443

Replace eth0 with the name of your Internet-facing network interface, and replace 192.168.0.10 with the IP address of the internal server.

  5. Save the firewall rules:
    sudo sh -c "iptables-save > /etc/iptables.rules"
  6. Configure the firewall rules to persist after reboot:
    sudo nano /etc/network/if-pre-up.d/firewall

Add the following contents to the file:

    #!/bin/sh
    iptables-restore < /etc/iptables.rules

  7. Make the file executable:
    sudo chmod +x /etc/network/if-pre-up.d/firewall

After these steps, incoming traffic on ports 80 and 443 will be forwarded to the internal server at IP address 192.168.0.10.
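
An added check, not part of the original article: it audits a saved iptables-save dump for the two DNAT rules above and confirms that kernel forwarding is on, since DNAT only rewrites the destination and the gateway routes the packets only when net.ipv4.ip_forward is 1. The function names has_dnat and audit_forwarding are hypothetical, and the sample dump is constructed for illustration.

```shell
#!/bin/sh
# has_dnat FILE IFACE PORT DEST_IP: succeeds if the nat table holds the matching rule.
has_dnat() {
    awk -v iface="$2" -v port="$3" -v dest="$4:$3" '
        /^\*/     { table = substr($1, 2) }   # "*nat" or "*filter" opens a table
        /^COMMIT/ { table = "" }
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            i = p = t = d = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") i = $(n + 1)
                if ($n == "--dport") p = $(n + 1)
                if ($n == "-j") t = $(n + 1)
                if ($n == "--to-destination") d = $(n + 1)
            }
            if (i == iface && p == port && t == "DNAT" && d == dest) found = 1
        }
        END { exit !found }
    ' "$1"
}

# audit_forwarding FILE IFACE DEST_IP IP_FORWARD: prints each gap, returns the gap count.
# IP_FORWARD is the content of /proc/sys/net/ipv4/ip_forward on the gateway.
audit_forwarding() {
    gaps=0
    for port in 80 443; do
        if ! has_dnat "$1" "$2" "$port" "$3"; then
            echo "missing DNAT rule: $2 tcp/$port -> $3:$port"
            gaps=$((gaps + 1))
        fi
    done
    if [ "$4" != "1" ]; then
        echo "net.ipv4.ip_forward is not 1: rewritten packets will not be routed"
        gaps=$((gaps + 1))
    fi
    return "$gaps"
}

# Constructed sample dump in which the 443 rule was never saved.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.0.10:80
COMMIT
EOF
audit_forwarding "$sample" eth0 192.168.0.10 0 || echo "gaps found: $?"
```

On a real gateway, call it as audit_forwarding /etc/iptables.rules eth0 192.168.0.10 "$(cat /proc/sys/net/ipv4/ip_forward)".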
