LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-25-2014, 10:30 AM   #1
happyjack
LQ Newbie
 
Registered: Nov 2007
Location: MIchigan
Distribution: Ubuntu / RedHat
Posts: 3

Rep: Reputation: 0
Question local redirect IP Tables dnat external IP from Port 443 to 2443


Hello all,
I have a problems and I am in need of some assistance. For transparency sake, I have posted this question on stackoverflow.com

I have a situation that I need some assistance with. I have a program that connects to an external device over 443. The customer has configured the port of the device to 2443. Currently I am running Ubuntu 12.04 and I need to be able to connect to this device with my program. I have tried to add some iptables for DNat but I am running into some problems.

The computer that I am running the program on is Ubuntu 12.04 eth0 192.168.0.12 I need to have my local computer ('iptables') translate the request 173.15.x.x:443 to 173.15.x.x:2443. This program that I am running is not web based so a html proxy will not work. I would like my local computer (ubuntu 12.04) to do a forward or translation for port 443 -> 2443 out and translate 2443 -> back in again.

Here are the IP tables that I have tried:
Code:
iptables -t nat -A INPUT  -j LOG --log-level 7
iptables -t nat -A PREROUTING  -j LOG --log-level 7
iptables -t nat -A POSTROUTING  -j LOG --log-level 7
iptables -t nat -A OUTPUT  -j LOG --log-level 7
iptables -t nat -A PREROUTING -p tcp -s 192.168.0.12 -d 173.15.x.x --dport 443 -j DNAT --to-destination 173.15.x.x:2443
iptables -t nat -A POSTROUTING -p tcp --dport 2443 -j MASQUERADE
I have been using firefox to verify the redirect (by looking at the logs)
Code:
Mar 24 13:24:42 sat-utils kernel: [ 1866.123026] IN= OUT=eth0 SRC=192.168.0.12 DST=173.15.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=16937 DF PROTO=TCP SPT=40025 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Mar 24 13:24:42 sat-utils kernel: [ 1866.123037] IN= OUT=eth0 SRC=192.168.0.12 DST=173.15.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=16937 DF PROTO=TCP SPT=40025 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Mar 24 13:24:42 sat-utils kernel: [ 1866.185679] IN= OUT=eth0 SRC=192.168.0.12 DST=173.15.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=54119 DF PROTO=TCP SPT=40026 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Mar 24 13:24:42 sat-utils kernel: [ 1866.185692] IN= OUT=eth0 SRC=192.168.0.12 DST=173.15.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=54119 DF PROTO=TCP SPT=40026 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
I am not sure what I am doing wrong. Any advice would be helpful and grateful. Thanks,
HappyJack
 
Old 03-25-2014, 11:12 AM   #2
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,127
Blog Entries: 2

Rep: Reputation: 124Reputation: 124
Since it is a local machine that you want redirected your dnat rule needs to be in nat OUTPUT instead of nat PREROUTING. The rules you put in place will work for remote machines routing through this one.

iptables -t nat -A OUTPUT -p tcp -s 192.168.0.12 -d 173.15.x.x --dport 443 -j DNAT --to-destination 173.15.x.x:2443

also it being the local machine means you shouldn't need the masquerade rule either.
 
1 members found this post helpful.
Old 03-25-2014, 06:51 PM   #3
happyjack
LQ Newbie
 
Registered: Nov 2007
Location: MIchigan
Distribution: Ubuntu / RedHat
Posts: 3

Original Poster
Rep: Reputation: 0
Thumbs up

Thanks for the help, that worked great. I was thinking that my direction was wrong and yes, OUTPUT makes so much sense.

Thanks again,
HappyJack

Quote:
Originally Posted by estabroo View Post
Since it is a local machine that you want redirected your dnat rule needs to be in nat OUTPUT instead of nat PREROUTING. The rules you put in place will work for remote machines routing through this one.

iptables -t nat -A OUTPUT -p tcp -s 192.168.0.12 -d 173.15.x.x --dport 443 -j DNAT --to-destination 173.15.x.x:2443

also it being the local machine means you shouldn't need the masquerade rule either.
 
  


Reply

Tags
dnat, forward, iptables, portforward


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Redirect local port chenja Linux - Enterprise 1 09-29-2011 02:23 PM
Port redirect 8443 to 443 roshan.s Linux - Networking 4 07-15-2011 02:40 AM
[SOLVED] Iptables redirect from one local port to another dr_doom Linux - Networking 2 02-28-2011 11:19 PM
redirect an ip to an external ip/port rogerdv Linux - Networking 2 08-09-2009 12:34 PM
redirect some http requests to port 443. FMH Linux - Software 5 09-17-2007 09:19 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:49 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration