Thanks, Florin and Robert, for your suggestions.
I'm still stumped, though.
This rule looks to be the REDIRECT rule that Robert suggests. Unfortunately, as I have it written here, it fails instantly -- telnetting to port 80 causes an instant error.
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080
This gets packets in, but no reply:
    iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080
Florin, I did try running tcpdump before -- good to hear this was a sound way to debug this; the above "no reply" rule shows the following packet:
    19:47:07.707346 IP [my laptop's ip address].39679 > 64.61.61.112.http: S 4212369272:4212369272(0) win 5840 <mss 1460,sackOK,timestamp 1264677320 0,nop,wscale 2>
So, I'm still stumped.
The exact iptables rules are below.
Any other thoughts? There's not something besides /proc/sys/net/ipv4/ip_forward that needs to be twiddled, is there?
best, Jeff
% iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in    out   source     destination
  197 20881 RH-Firewall-1-INPUT  all  --  any   any   anywhere   anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target               prot opt in    out   source     destination
    0     0 RH-Firewall-1-INPUT  all  --  any   any   anywhere   anywhere

Chain OUTPUT (policy ACCEPT 139 packets, 36106 bytes)
 pkts bytes target               prot opt in    out   source     destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target  prot opt in    out   source     destination
    8  1688 ACCEPT  all  --  lo    any   anywhere   anywhere
    1    84 ACCEPT  icmp --  any   any   anywhere   anywhere     icmp any
    0     0 ACCEPT  ipv6-crypt-- any any anywhere   anywhere
    0     0 ACCEPT  ipv6-auth-- any any  anywhere   anywhere
    0     0 ACCEPT  udp  --  any   any   anywhere   224.0.0.251  udp dpt:5353
    0     0 ACCEPT  udp  --  any   any   anywhere   anywhere     udp dpt:ipp
  181 18689 ACCEPT  all  --  any   any   anywhere   anywhere     state RELATED,ESTABLISHED
    2   120 ACCEPT  tcp  --  any   any   anywhere   anywhere     state NEW tcp dpt:ssh
    0     0 ACCEPT  tcp  --  any   any   anywhere   anywhere     state NEW tcp dpt:http
    0     0 ACCEPT  tcp  --  any   any   anywhere   anywhere     state NEW tcp dpt:webcache
    5   300 ACCEPT  tcp  --  eth1  any   anywhere   anywhere     tcp dpt:5666
    0     0 REJECT  all  --  any   any   anywhere   anywhere     reject-with icmp-host-prohibited
--
Jeff Potter
http://www.atof.net/go/boston