LinuxQuestions.org
Old 10-15-2010, 11:00 PM   #1
NoOnee
LQ Newbie
 
Registered: Oct 2010
Posts: 3

Rep: Reputation: 0
Question about IP Tables


Very, very new to this... be gentle please

Can you forward two ports at the same time?

The command I'm using:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000


I tried:
iptables -t nat -A PREROUTING -p tcp --destination-ports 80,443 -j REDIRECT --to-ports 10000

It didn't work.

Any suggestions please?

Thanks.
 
Old 10-16-2010, 04:08 AM   #2
screwuphead
LQ Newbie
 
Registered: Nov 2007
Posts: 5

Rep: Reputation: 0
If a port is currently in use you cannot have it being used by a second device.
 
Old 10-16-2010, 02:49 PM   #3
NoOnee
LQ Newbie
 
Registered: Oct 2010
Posts: 3

Original Poster
Rep: Reputation: 0
I tried the second line instead of the first, not at the same time... it didn't work.
 
Old 10-24-2010, 11:08 PM   #4
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 376
Quote:
Originally Posted by NoOnee
Very, very new to this... be gentle please

Can you forward two ports at the same time?

The command I'm using:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000


I tried:
iptables -t nat -A PREROUTING -p tcp --destination-ports 80,443 -j REDIRECT --to-ports 10000

It didn't work.

Any suggestions please?

Thanks.
If you want to do them both in the same rule you'll need to use the multiport match, like:
Code:
iptables -t nat -A PREROUTING -p TCP -m multiport --dports 80,443 -j REDIRECT --to-ports 10000
...but there's nothing to stop you from simply using two consecutive rules (the effect is the same), like:
Code:
iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-ports 10000
iptables -t nat -A PREROUTING -p TCP --dport 443 -j REDIRECT --to-ports 10000
That said, keep in mind that HTTPS can't be transparently proxied unless you do a MITM attack.

Also, it's a good idea to specify the relevant network interface in these cases, like (for example):
Code:
iptables -t nat -A PREROUTING -p TCP -i eth1 -m multiport --dports 80,443 -j REDIRECT --to-ports 10000

Last edited by win32sux; 10-24-2010 at 11:12 PM.
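
An added example, not part of win32sux's post: a small shell helper that builds the interface-bound REDIRECT rule shown above, rejects malformed port lists before they reach iptables, and uses `iptables -C` so that re-running it does not stack duplicate rules. The function names are hypothetical; eth1, 80,443 and 10000 are the values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# valid_port N: a single decimal port in 1..65535, no leading zero.
valid_port() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "$1" -le 65535 ] 2>/dev/null
}

# valid_ports LIST: 1 to 15 comma-separated ports. The multiport match takes
# at most 15 ports per rule; ranges (80:90) are not handled by this example.
valid_ports() {
    case "$1" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    count=0; old_ifs=$IFS; IFS=,
    for p in $1; do              # word list is split on commas once, here
        IFS=$old_ifs
        valid_port "$p" || return 1
        count=$((count + 1))
    done
    [ "$count" -le 15 ]
}

# rule_spec IFACE PORTS TO_PORT: print the rule without "-A PREROUTING".
rule_spec() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    valid_ports "$2" && valid_port "$3" || return 1
    case "$2" in
        *,*) match="-m multiport --dports $2" ;;  # several ports: multiport
        *)   match="--dport $2" ;;                # one port: plain --dport
    esac
    echo "-i $1 -p tcp $match -j REDIRECT --to-ports $3"
}

# apply_redirect IFACE PORTS TO_PORT: append the rule unless it is loaded.
apply_redirect() {
    spec=$(rule_spec "$@") || { echo "rejected: $*" >&2; return 1; }
    # -C exits 0 if this exact rule exists, so reruns do not stack duplicates.
    # $spec is left unquoted on purpose: it was validated above and must split.
    iptables -t nat -C PREROUTING $spec 2>/dev/null ||
        iptables -t nat -A PREROUTING $spec
}

# Run as root, with the interface and ports from the answer above:
#   apply_redirect eth1 80,443 10000
```

`iptables -t nat -L PREROUTING -n -v --line-numbers` lists the loaded rules with their packet counters, which shows whether traffic is actually hitting the redirect.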
 
Old 10-24-2010, 11:45 PM   #5
joec@home
Member
 
Registered: Sep 2009
Location: Galveston Tx
Posts: 291

Rep: Reputation: 70
Quote:
Originally Posted by NoOnee
I tried:
iptables -t nat -A PREROUTING -p tcp --destination-ports 80,443 -j REDIRECT --to-ports 10000
The one thing I would note of this is that Port 80 is for Unencrypted HTTP access whereas Port 443 is for Encrypted HTTP access. The ports need to be separated in order to function if you are actually trying to connect the ports to a web server versus some kind of TCP dump to something that just happens to listen for traffic on the port.
 
  


All times are GMT -5.