Hi,

I am trying to use iptables on RHEL6 to forward requests on port 4443 to 443 for specific nics.

The reason - there is a feature in haproxy load balancer that allows you to have a check port different to the port you want to send to, this allows a server to stop receiving traffic without restarting haproxy.

I have had this working on RHEL5 on a single nic, but the same commands don't work on 6. SELinux is disabled, there are no other iptables rules.

The lines I used to use are:

/sbin/iptables -t nat -A OUTPUT -p tcp --dport 4443 -j REDIRECT --to-port 443
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 4443 -j REDIRECT --to-port 443

Also -

With a single nic/ip address this works as expected, but with virtual nics and extra ip addresses it doesn't.

Many Thanks

Jon

I persevered with this and got it to work.

The commands are to forward the ports:-

iptables -t nat -A PREROUTING -i bond0 -p tcp -d 192.168.100.160 --dport 4443 -j DNAT --to 192.168.100.160:443
iptables -t nat -A PREROUTING -i bond0 -p tcp -d 192.168.100.161 --dport 4443 -j DNAT --to 192.168.100.161:443
iptables -t nat -A PREROUTING -i bond0 -p tcp -d 192.168.100.162 --dport 4443 -j DNAT --to 192.168.100.162:443

etc.

And to stop the forwarding:-

iptables -t nat -D PREROUTING -i bond0 -p tcp -d 192.168.100.160 --dport 4443 -j DNAT --to 192.168.100.160:443
iptables -t nat -D PREROUTING -i bond0 -p tcp -d 192.168.100.161 --dport 4443 -j DNAT --to 192.168.100.161:443
iptables -t nat -D PREROUTING -i bond0 -p tcp -d 192.168.100.162 --dport 4443 -j DNAT --to 192.168.100.162:443