LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 05-22-2008, 10:28 PM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,266

Rep: Reputation: 53
How can I forward ports with IPtables? I want to forward 80 to 8080


How can I forward ports with IPtables? I want to forward all requests on 205.xx.xx.xx port 80 to port 8080 on the same IP.
 
Old 05-22-2008, 11:28 PM   #2
dkm999
Member
 
Registered: Nov 2006
Location: Seattle, WA
Distribution: Fedora
Posts: 407

Rep: Reputation: 35
I have just been answering this question for another guy on this site. I recommend that you search these forums for "port forward". If you still have trouble after trying the things already posted about this FAQ, post again.
 
Old 05-23-2008, 03:40 AM   #3
nacio
LQ Newbie
 
Registered: Mar 2007
Location: Italy
Distribution: Debian
Posts: 18

Rep: Reputation: 0
Maybe dkm999 is talking about this thread:
http://www.linuxquestions.org/questi...arding-643539/

So the solution would be:
Code:
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 8080 -j DNAT --to yyy.yyy.yyy.yyy:80
abefroman, don't waste your time trying that. It only works if you have an intermediate node on your network (like the author of that thread), but you said you're trying to do it on the same IP so your case is different. (My case is the same as yours and it didn't work). From the iptables man page:
Quote:
DNAT

This target is only valid in the nat table, in the PREROUTING and OUTPUT chains
So your packets won't be handled by this iptables rule.

However, some magic may be applied to the above solution: make your box behave as both a router and a server:
Code:
iptables -A INPUT -p tcp --dport 80 -j ROUTE --gw 127.0.0.1
WARNING: I haven't tested the ROUTE target. It's usually not supported.


A user space solution is this:
Code:
simpleproxy -d -L 80 -R localhost:8080
But, like me, you may think that having a daemon is less secure than a packet filter.

To anyone else willing to say "search the forum", please take into account that generic search terms like "port forward" will produce THOUSANDS of irrelevant results. I believe abefroman did search before posting, just like I did. Google and the forum search engine haven't helped us more than the man pages.

Last edited by nacio; 05-23-2008 at 03:43 AM.
 
Old 05-23-2008, 10:05 AM   #4
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,266

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by nacio View Post
Maybe dkm999 is talking about this thread:
http://www.linuxquestions.org/questi...arding-643539/

So the solution would be:
Code:
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 8080 -j DNAT --to yyy.yyy.yyy.yyy:80
abefroman, don't waste your time trying that. It only works if you have an intermediate node on your network (like the author of that thread), but you said you're trying to do it on the same IP so your case is different. (My case is the same as yours and it didn't work). From the iptables man page:

So your packets won't be handled by this iptables rule.

However, some magic may be applied to the above solution: make your box behave as both a router and a server:
Code:
iptables -A INPUT -p tcp --dport 80 -j ROUTE --gw 127.0.0.1
WARNING: I haven't tested the ROUTE target. It's usually not supported.


A user space solution is this:
Code:
simpleproxy -d -L 80 -R localhost:8080
But, like me, you may think that having a daemon is less secure than a packet filter.

To anyone else willing to say "search the forum", please take into account that generic search terms like "port forward" will produce THOUSANDS of irrelevant results. I believe abefroman did search before posting, just like I did. Google and the forum search engine haven't helped us more than the man pages.
Thanks!

The first command was basically what I needed, I am just forwarding apache requests to the tomcat server:
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 80 -j DNAT --to xxx.xxx.xxx.xxx:8080

I tried it with an apache proxy before but people were exploiting it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Configure iptables to forward ports to an internal server ikaro_tatsomura Linux - Networking 1 02-08-2007 06:45 PM
How can I forward all traffic to 10.10.0.10:80 to 10.10.0.20:8080 using IPtables? abefroman Linux - Networking 1 10-06-2005 03:19 PM
cant see .forward file in home directory >> mail forward/copy steve_babbage Linux - Newbie 0 03-02-2004 06:25 AM
Please help me finish setup IPTABLES,all I need is to forward port 8080 pembo13 Linux - Networking 4 07-18-2003 10:28 PM
How to forward ports with iptables? Electrode Linux - Networking 3 11-12-2002 12:04 AM


All times are GMT -5. The time now is 12:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration