LinuxQuestions.org
Old 11-21-2017, 12:11 PM   #1
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,076
Blog Entries: 1

Rep: Reputation: 90
iptables redirection is not working


Hi!

I need to redirect traffic that is reaching my port 80 to port 8080. Right now what I'm doing is starting a ssh tunnel running with sudo (because I have to open port 80 so it can't be done with a plain user) and it works like a charm:

Code:
sudo ssh -L 80:localhost:8080 someuser@localhost
(This is only for local traffic, by the way) I know this same thing should be possible to do by using netfilter. However, when I set up the rule on PREROUTING, it's not working.

Code:
iptables -t nat -A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-port 8080
When I try connecting to the port (either with a browser or the hard way with telnet), I just get a message saying that the connection could not be established (like the port is closed... as port 80 is, no process listening there) and iptables counter for the rule does not increase. Is there any additional step that has to be carried out these days? I used this trick a few years ago and it worked like a charm.

This is on xubuntu 17.10.

PS I also tried setting DNAT as well but got the same results.

Last edited by eantoranz; 11-21-2017 at 12:23 PM. Reason: clarification
 
Old 11-21-2017, 07:27 PM   #2
lazydog
Senior Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,109
Blog Entries: 3

Rep: Reputation: 179
Try
Code:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
 
Old 11-23-2017, 03:51 PM   #3
eantoranz
Original Poster
Same result. The rule gets inserted fine but it fails to increase the counter when I try to connect (either with browser or by telnet-ing to port 80).
 
Old 11-25-2017, 12:02 AM   #4
lazydog
Is this firewall on the same box as the web server?
 
Old 11-25-2017, 01:28 AM   #5
eantoranz
Original Poster
Yes, web server process is actually a virtual machine that is listening on port 8080.
 
Old 11-26-2017, 02:32 AM   #6
lazydog
OK, the IP address you are trying to ssh to, is that the IP of the host machine or the VM?
 
Old 11-28-2017, 03:41 PM   #7
eantoranz
Original Poster
I was able to make it work (finally). The only thing is that instead of doing the natting for the traffic as it was going in through lo, I did it on the traffic as it was going out through lo:

Code:
iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to 8080
Thanks for all your help.
 
Old 11-29-2017, 12:41 AM   #8
lazydog
My fault, I totally missed the -i lo part.
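
Added example, not part of the thread: a shell lint that reads rules in `iptables -t nat -S` format and marks which ones can apply to connections opened on the host itself, the case resolved in post #7. The sample rules are constructed from the commands posted above; the verdict names and the assumption that only local processes send on lo belong to this example.

```sh
#!/bin/sh
# Added example, not from the thread. On a live host, feed it real rules:
#   sudo iptables -t nat -S | classify_nat_rules

# Constructed sample mirroring the rules from posts #1, #2 and #7.
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -i lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
EOF
}

# Read rules on stdin; print "<verdict> <rule>" for every REDIRECT/DNAT rule.
#   DEAD    PREROUTING with "-i lo": connections opened by local processes
#           get their NAT decision in OUTPUT, so the counter stays at zero
#           (assumes only local processes send on lo)
#   REMOTE  PREROUTING otherwise: applies to connections from other hosts
#   LOCAL   OUTPUT: applies to connections opened by processes on this host
#   OTHER   any other chain (not judged here)
classify_nat_rules() {
    awk '
    $1 != "-A" { next }                      # skip policy lines
    {
        chain = $2; in_if = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "REDIRECT" && target != "DNAT") next
        if (chain == "PREROUTING" && in_if == "lo") verdict = "DEAD"
        else if (chain == "PREROUTING")              verdict = "REMOTE"
        else if (chain == "OUTPUT")                  verdict = "LOCAL"
        else                                         verdict = "OTHER"
        print verdict, $0
    }'
}

# verdict_for "<rule line>": print only the verdict for a single rule.
verdict_for() {
    printf '%s\n' "$1" | classify_nat_rules | cut -d' ' -f1
}

sample_rules | classify_nat_rules
```

A host that must serve both local and remote clients on port 80 needs one LOCAL and one REMOTE rule; a DEAD rule can be deleted.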
 
  


Tags
iptables, loopback, redirect, tunnel

