Old 11-17-2007, 06:01 AM   #1
E-Man
LQ Newbie
 
Registered: Jun 2007
Posts: 12

redirecting a port


Hi. I am trying to do something that I think should be simple but it's not working.

I want iptables to accept packets from a remote node to a port on my machine (say 80) and redirect them to a listener daemon that's listening on a different port (say 1024).

so:
Code:
Remote Computer |                 | My Computer
----||----------|                 |------------
    ||          |                 |
Connection ----------------------->Port 80
                |                 |   |
                |                 |   +----Port 1024----> listener
My hours of wading through iptables documentation and articles have led me to believe that this should work:

Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 1024
but it doesn't. I opened a virtual machine and tried to connect to my real machine on port 80 but was unsuccessful (connecting directly to port 1024 works).

Any suggestions would be very much appreciated. I'm using Vector Linux with a 2.6.21.1 kernel. I believe I have all the necessary modules installed.
 
Old 11-17-2007, 07:30 AM   #2
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,520

You also need to add a rule to the FORWARD chain, along these lines.
Quote:
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 80 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
For further reading you could try this,
http://www.linuxquestions.org/questi...a-port-600342/

Oh, BTW, I suggest that you change the order in the rule for the PREROUTING chain, so that it reads
iptables -A PREROUTING -t nat -p tcp --destination-port 80 -j REDIRECT --to-ports 1024
 
Old 11-17-2007, 05:32 PM   #3
E-Man
LQ Newbie
 
Registered: Jun 2007
Posts: 12

Original Poster
Thanks for the suggestion. I tried it out and it doesn't seem to work yet, so I'm going to back up and see if there's something important that I didn't mention.

My understanding is that a packet will only hit the forward chain if it is destined for another host. The packets I'm trying to redirect are destined for my computer, therefore they wouldn't pass through the rule you suggested I use (??) Maybe I'm just confused...

Anyway, for good measure I also tried adding a rule to the filter:input chain that opened port 80 and 1024... still no success.

Perhaps I should also mention that I'm not doing this from scratch... I'm using kmyfirewall to do most of the dirty work. The entire script is here: http://dark-code.bulix.org/g0a3ob-61329?raw The important line #s are 78, 93, and 140. Maybe it's doing something else I can't decipher and screwing the whole thing up?

Also, I tried following the link you suggested but I think it's a link to my original post. The Bulletin engine really should check for things like infinite loops ;-)

Thanks again for the help!

Last edited by E-Man; 11-17-2007 at 06:22 PM.
 
Old 11-18-2007, 07:03 AM   #4
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 3,520

Sorry about the wrong link! This is what I should have posted.
http://tldp.org/HOWTO/IP-Masquerade-...orwarders.html
 
Old 11-18-2007, 02:39 PM   #5
E-Man
LQ Newbie
 
Registered: Jun 2007
Posts: 12

Original Poster
Thanks very much for the link, I got it working.

In case anyone else has the same problem, I also needed to have port 1024 open in the filter:input chain because after being routed through the forward chain (from port 80 to 1024 then back to my computer) the kernel treats it as a new incoming packet on port 1024. It makes perfect sense but I didn't think of it before.

Thanks again.
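
Added example (not part of the thread, and not any poster's code): the port 80 to 1024 setup discussed above, written as a generator for an `iptables-restore` ruleset. REDIRECT in nat/PREROUTING rewrites the destination port before filter/INPUT is evaluated, so INPUT has to accept port 1024; the `strict` mode accepts only connections that originally arrived on port 80, so the listener is not also reachable directly on 1024. The default-drop policies and the availability of the conntrack match are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset;
# it does not touch the running firewall.
# Assumed: default-drop INPUT policy, conntrack match available.

# gen_redirect_ruleset PUBLIC_PORT LISTENER_PORT [open|strict]
gen_redirect_ruleset() {
    public=$1 listener=$2 mode=${3:-open}
    for p in "$public" "$listener"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        # Numbers too large for the shell make the test fail, which also rejects.
        if ! { [ "$p" -ge 1 ] && [ "$p" -le 65535 ]; } 2>/dev/null; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    # filter/INPUT runs after nat/PREROUTING, so it sees the rewritten
    # destination port: the accept rule must name the listener port.
    accept="-A INPUT -p tcp --dport $listener -m conntrack --ctstate NEW"
    if [ "$mode" = strict ]; then
        # Only connections that originally targeted the public port;
        # direct connections to the listener port fall to the DROP policy.
        accept="$accept --ctorigdstport $public"
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport $public -j REDIRECT --to-ports $listener
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$accept -j ACCEPT
COMMIT
EOF
}

# Ports from the thread: public 80, listener 1024.
gen_redirect_ruleset 80 1024 strict
```

Loading the output with `iptables-restore` as root replaces the current nat and filter rules; its `--test` option parses the ruleset without committing it.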
 
  

