[CentOS] iptables nat table rules

Joe DiTommasso jdito at dca.net
Tue Feb 8 19:05:55 UTC 2011


On Tue, Feb 08, 2011 at 12:36:44PM -0600, Carlos S wrote:
> I am forwarding traffic on port 8080 to port 80 with the following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
> # iptables-save
> 
> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go?  Any help?
> 
> -
> cs.

Here's how I have it set up on a box where I'm doing something similar, but for ssh:
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*nat
:PREROUTING ACCEPT [38:3177]
:POSTROUTING ACCEPT [77:6468]
:OUTPUT ACCEPT [77:6468]
-A PREROUTING -s <ADDRESS> -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 4022
COMMIT
# Completed on Fri Sep 17 10:39:51 2010
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [660935177:1131719310086]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
(Normal iptables config continues)

Also, once you add the rule with the iptables command, have you tried iptables-save?  That should give you a dump of all the rules that are in effect.
Joe
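
An added example, not part of either poster's message: a shell sketch that reads a save-format file holding both a *nat and a *filter section, lists the rules per table, and reports REDIRECT target ports that the filter table does not accept. The check matters because nat PREROUTING runs before filter INPUT, so the filter rules see the rewritten port (80 here), not the original one. The sample file contents and the function names are constructed for illustration.

```shell
# Constructed sample in iptables-save format: the 8080 -> 80 redirect from the
# question in a *nat section, followed by a minimal *filter section.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Print the rules (-A lines) that belong to one table of a save-format file.
table_rules() {   # usage: table_rules FILE TABLE
    awk -v want="$2" '
        /^\*/ { table = substr($1, 2); next }
        table == want && /^-A / { print }
    ' "$1"
}

# Print each nat REDIRECT target port that has no "--dport PORT ... -j ACCEPT"
# rule in the filter table. Heuristic text match, not a full rule evaluator.
unaccepted_redirect_ports() {   # usage: unaccepted_redirect_ports FILE
    for port in $(table_rules "$1" nat |
                  sed -n 's/.*-j REDIRECT --to-ports\{0,1\} \([0-9]*\).*/\1/p'); do
        table_rules "$1" filter | grep -q -- "--dport $port .*-j ACCEPT" ||
            echo "$port"
    done
}

# Demo on the constructed sample (no root needed, nothing is loaded).
f=$(mktemp) && sample_rules > "$f"
echo "nat rules:"; table_rules "$f" nat
echo "redirect targets not accepted by filter: $(unaccepted_redirect_ports "$f")"
rm -f "$f"
```

On the constructed sample the report names port 80, because the filter section only accepts port 22.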


