[SOLVED] iptables redirect prerouting stopped working
When I first implemented this one prerouting rule a couple of weeks ago, it worked just fine. Yesterday, the server was shut down for some maintenance and brought up again. The prerouting rule was still in place, but the forwarding from port 80 to 8060 stopped functioning. I can internally reach the application on the server on port 8060 just fine, so it's the prerouting that's failing. I took the time to remove the rule, stop and start iptables, add the rule back and save it. It still doesn't work. /var/log/messages reflects that queries are making it to the server, but they're not being forwarded from 80 to 8060.
I've seen some forums that suggest that the ip_forward kernel value should be set to 1. But the fact that this worked initially and that another server with the same setting works (with ip_forward at the default of 0) makes me hesitant to implement the change.
Thanks in advance,
Keith
I have another server that has the same ruleset in place and is working just fine.
Could it be that the application is bound to a specific IP? I believe REDIRECT causes packets to be redirected to loopback (127.0.0.1).
Does telnet localhost 8060 work?
Is traffic to the lo interface allowed in the iptables rule set?
telnet localhost 8060 does connect.
I only have the one rule to preroute port 80 requests to port 8060. Up until the system was rebooted yesterday, this was sufficient to make things work as desired. So there's nothing referencing lo. But your question made me check ifconfig, and I just found that my Ethernet interface says eth2, not eth0. I'm not sure if or how that changed, but it looks like the next thing for me to try is change the interface to eth2 in the iptables rule.
Ser Olmy's suggestion helped me find and solve the problem. I'm not sure how it happened, but doing an ifconfig revealed that the Ethernet interface name changed from eth0 to eth2 between the server being brought down for maintenance and brought up again. When I dropped the rule pertaining to eth0 and inserted a new one using eth2 instead, things started flying again.
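A check for the failure found in this thread, as an added example that is not part of any post above: it scans rules in iptables-save format for `-i`/`-o` matches naming an interface that no longer exists. The function name `stale_ifaces` and the sample ruleset are constructed for illustration; the thread never shows the poster's actual rule.

```shell
#!/usr/bin/env bash
# Added example: find iptables rules that match on an interface name the
# kernel no longer has (the eth0 -> eth2 rename from this thread).

# stale_ifaces RULES PRESENT   (hypothetical helper name)
#   RULES   - text in iptables-save format
#   PRESENT - whitespace-separated names of interfaces that exist now
# Prints "CHAIN IFACE" for every -i/-o match naming a missing interface.
stale_ifaces() {
    printf '%s\n' "$1" | PRESENT=$2 awk '
        BEGIN {
            n = split(ENVIRON["PRESENT"], p, /[ \t\n]+/)
            for (i = 1; i <= n; i++) if (p[i] != "") have[p[i]] = 1
        }
        $1 == "-A" {
            for (i = 3; i < NF; i++) {
                if ($i != "-i" && $i != "-o") continue
                name = $(i + 1); ok = (name in have)
                # A trailing "+" is the iptables wildcard: any interface
                # whose name starts with the prefix satisfies the match.
                if (!ok && name ~ /\+$/) {
                    pre = substr(name, 1, length(name) - 1)
                    for (k in have)
                        if (substr(k, 1, length(pre)) == pre) ok = 1
                }
                if (!ok && !seen[$2 " " name]++) print $2, name
            }
        }'
}

# Constructed sample: a port 80 -> 8060 redirect pinned to eth0, on a host
# whose NIC now comes up as eth2. Not taken from the poster's server.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8060
-A POSTROUTING -o eth+ -j MASQUERADE
COMMIT'
SAMPLE_IFACES='lo eth2'

stale_ifaces "$SAMPLE_RULES" "$SAMPLE_IFACES"

# On a live host (as root):
#   stale_ifaces "$(iptables-save)" "$(ls /sys/class/net)"
```

Run after a reboot or hardware change, any output means a rule is still loaded but can never match, which is what the saved eth0 rule was doing here.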