LinuxQuestions.org
Old 11-28-2013, 04:49 AM   #1
mmhs
Member
 
Registered: Oct 2010
Posts: 99

Rep: Reputation: 1
port forwarding


Hi guys,

I have a simple question!

I have two IPs: a valid one and an internal one (172.16.11.2).
I want to use port forwarding to forward any request to the valid IP on port 8001 to the internal IP on port 80.

I use this rule:
Code:
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 8001 -j DNAT --to-destination 172.16.11.2:80

iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE
But there is a problem!

Sometimes on my Apache server HTTP changes to HTTPS on some pages! In this situation redirection does not work and the HTTPS page won't load!
How can I fix that?

Or is there any way to forward a port to an IP address?

For example: any request to port 8001 redirects to an IP address?
 
Old 11-28-2013, 05:43 AM   #2
lpwevers
Member
 
Registered: Apr 2005
Location: The Netherlands
Distribution: SuSE, CentOS
Posts: 142

Rep: Reputation: 20
Well, looks like your HTTP code is doing the switching to https. So either add extra rules to your iptables to accommodate for that (e.g. use port 8443), or tell your HTTP code not to make the switch to https.

Also you can try disabling https support in your webserver; but then again, I'm not sure if you need this for something else.

As for forwarding everything to a single IP address, that can be done, but that will open every port on that server to the outside world. From a security point of view, that's really something you don't want.

Last edited by lpwevers; 11-28-2013 at 05:45 AM.
 
Old 11-28-2013, 06:08 AM   #3
mmhs
Member
 
Registered: Oct 2010
Posts: 99

Original Poster
Rep: Reputation: 1
Thx man, but it does not help me, because switching HTTP to HTTPS on my web server is automatic! And users want to use a port to access the web server!

Is there any idea?

Is there any way to add a rule to iptables to work interactively? If the web server switches to HTTPS, iptables works fine and routes all traffic to the source port (8001)?

Quote:
Originally Posted by lpwevers View Post
Well, looks like your HTTP code is doing the switching to https. So either add extra rules to your iptables to accommodate for that (e.g. use port 8443), or tell your HTTP code not to make the switch to https.

Also you can try disabling https support in your webserver; but then again, I'm not sure if you need this for something else.

As for forwarding everything to a single IP address, that can be done, but that will open every port on that server to the outside world. From a security point of view, that's really something you don't want.
 
Old 11-28-2013, 03:41 PM   #4
lpwevers
Member
 
Registered: Apr 2005
Location: The Netherlands
Distribution: SuSE, CentOS
Posts: 142

Rep: Reputation: 20
Well, you could try adding something like this (assuming 443 is your https port).
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.16.11.2:80
but I hardly doubt this will do you any good, as this will direct https traffic to your http port. You could of course open your https port as well:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.16.11.2:443
Otherwise I'm afraid you're out of luck there. You could of course try disabling https support in your webserver. That at least will prevent it from switching to https.
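
Added example, not part of either poster's reply: a small shell audit of `iptables -t nat -S` output that flags the two cases raised in this thread, a DNAT rule with no port match (the "every port open" case from post #2) and port 443 sent to port 80 (the first rule in post #4), plus DNAT rules that match on any interface and any destination address. The sample rules, the address 203.0.113.10 and the interface eth0 are constructed for illustration.

```shell
#!/bin/sh
# Audit DNAT rules given in `iptables -t nat -S` format on stdin.
# Prints one "CODE: <rule>" line per finding; prints nothing for clean rules.
audit_dnat() {
  awk '
    !/-j DNAT/ { next }          # only DNAT rules are of interest
    {
      dport = ""; target = ""; scoped = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
        if ($i == "--to-destination") target = $(i + 1)
        if ($i == "-i" || $i == "-d") scoped = 1
      }
      # Target port is the text after the last colon, if there is one.
      tport = ""
      if (index(target, ":") > 0) { n = split(target, p, ":"); tport = p[n] }

      # No port match: every port of the internal host is reachable.
      if (dport == "") print "ALL_PORTS: " $0
      # TLS port handed to the plain HTTP listener: the handshake will fail.
      else if (dport == "443" && tport == "80") print "TLS_TO_HTTP: " $0
      # No -i or -d: matches packets on any interface, to any address.
      if (!scoped) print "UNSCOPED: " $0
    }'
}

# Constructed sample rule set (not taken from a real host).
sample_rules() {
  cat <<'EOF'
-A PREROUTING -p tcp -m tcp --dport 8001 -j DNAT --to-destination 172.16.11.2:80
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.11.2:80
-A PREROUTING -j DNAT --to-destination 172.16.11.2
-A PREROUTING -d 203.0.113.10/32 -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.16.11.2:443
-A POSTROUTING -p tcp -m tcp --dport 80 -j MASQUERADE
EOF
}

sample_rules | audit_dnat
```

On a live gateway the same function can be fed with `iptables -t nat -S | audit_dnat`.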
 
Old 11-29-2013, 10:35 AM   #5
mmhs
Member
 
Registered: Oct 2010
Posts: 99

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by lpwevers View Post
Well, you could try adding something like this (assuming 443 is your https port).
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.16.11.2:80
but I hardly doubt this will do you any good, as this will direct https traffic to your http port. You could of course open your https port as well:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 172.16.11.2:443
Otherwise I'm afraid you're out of luck there. You could of course try disabling https support in your webserver. That at least will prevent it from switching to https.
Thx man, but that does not help me! I need a solution where, when a user connects to the valid IP on port 8001, requests are forwarded to the web server on 172.16.11.2, and even if HTTP changes to HTTPS, pages load for the user who connected to port 8001!

Is there any idea? No one?
 
Old 11-29-2013, 10:47 AM   #6
lpwevers
Member
 
Registered: Apr 2005
Location: The Netherlands
Distribution: SuSE, CentOS
Posts: 142

Rep: Reputation: 20
Quote:
Originally Posted by mmhs View Post
Thx man, but that does not help me! I need a solution where, when a user connects to the valid IP on port 8001, requests are forwarded to the web server on 172.16.11.2, and even if HTTP changes to HTTPS, pages load for the user who connected to port 8001!

Is there any idea? No one?
Well good luck with that. I may be really wrong, but I do believe what you want is to have a 1 to n port forwarding, where iptables decides, based on the type of traffic, to which port of your webserver it should forward. As far as I know that's just not possible in any way.

But hopefully for you, someone will correct me.
 
Old 11-30-2013, 11:29 PM   #7
mmhs
Member
 
Registered: Oct 2010
Posts: 99

Original Poster
Rep: Reputation: 1
no one
 
  


All times are GMT -5. The time now is 10:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration