Maybe dkm999 is talking about this thread:
http://www.linuxquestions.org/questi...arding-643539/
So the solution would be:
Code:
iptables -t nat -A PREROUTING -p tcp -d xxx.xxx.xxx.xxx --dport 8080 -j DNAT --to yyy.yyy.yyy.yyy:80
abefroman, don't waste your time trying that. It only works if you have an intermediate node on your network (like the author of that thread), but you said you're trying to do it on the same IP, so your case is different. (My case is the same as yours and it didn't work.) From the iptables man page:
Quote:
DNAT
This target is only valid in the nat table, in the PREROUTING and OUTPUT chains
So your packets won't be handled by this iptables rule.
However, some magic may be applied to the above solution: make your box behave as both a router and a server:
Code:
iptables -A INPUT -p tcp --dport 80 -j ROUTE --gw 127.0.0.1
WARNING: I haven't tested the ROUTE target. It's usually not supported.
A user space solution is this:
Code:
simpleproxy -d -L 80 -R localhost:8080
But, like me, you may think that having a daemon is less secure than a packet filter.
To anyone else willing to say "search the forum", please take into account that generic search terms like "port forward" will produce THOUSANDS of irrelevant results. I believe abefroman did search before posting, just like I did. Google and the forum search engine haven't helped us more than the man pages.