Solved ipfw rule for web browser on LAN to connect to Node (8888)?

[Espionage724]

I start a server through Node on a computer, and other devices on LAN can connect to it with http://192.168.1.150:8888/etc.cgi

I made this which allows the connections (from ipfw workstation default deny-all):

ipfw add '09000' 'forward' '127.0.0.1,8888' 'tcp' from '192.168.1.0/24' 'any' to '192.168.1.0/24' '8888' 'in'

But I'm looking to make that last any more specific. I tried 80, 443, 8888 all individually and together with 80,443,8888 but couldn't load the webpage from LAN browsers.

 

[SirDice]

But I'm looking to make that last any more specific.

On any TCP/UDP/ICMP connection the source port will be a random port.

 

[SirDice]

Only a few protocols use specific source ports, HTTP isn't one of them.

But, it's generally a bad idea to packet forward external traffic to 127.0.0.1. You're much better off putting a web server (nginx for example) in front of it, and reverse proxy the traffic.

 

[Espionage724]

But, it's generally a bad idea to packet forward external traffic to 127.0.0.1. You're much better off putting a web server (nginx for example) in front of it, and reverse proxy the traffic.

I think I got forward 127.0.0.1 when randomly testing things for the source port, but I was thinking of using allow instead (seems ok with the destination port at 8888?)

ipfw add '09000' 'allow' 'tcp' from '192.168.1.0/24' 'any' to '192.168.1.0/24' '8888' 'in'

 

[SirDice]

I'm very bad at IPFW, but you cannot connect to 127.0.0.1:8888 from say 192.168.1.10. Well, you can, but you're going to connect to yourself, not the intended host.