Hi,
I have an existing iptables as follows:-
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
How do I add a redirect of port 26 to 25? I googled the net and noticed that the syntax is different:
iptables -A INPUT -p tcp --dport 26 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
regards
LC
CentOS List wrote:
<snip>
*nat # Manipulate nat table
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
COMMIT
<snip>
Thanks Christopher,
I had updated my rules to
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
COMMIT
# Completed
When I did a restart, there was an error:
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: nat mangle filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore v1.3.5: Line 52 seems to have a -t table option.
Error occurred at line: 52
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
Line 52 is: -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
Regards
On Wed, Sep 16, 2009 at 03:31:43PM +0800, CentOS List wrote:
<snip>
Never (if you aren't a guru) edit your iptables rules by directly editing your config. Always use the iptables binary.
As it says there, the -t option shouldn't be on that line. The line should be only
-A PREROUTING -p tcp --dport 26 -j REDIRECT --to-port 25
because you're already in the *nat section of the config.
But again, you should enter this command instead of editing the config:
iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
regards
Tomas
<snip>
Thanks Tomas and Christopher
<snip>
Argh...forgot to take the '-t nat' part out.
Just delete the '-t nat' portion. The table has already been set above (*nat).
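Tomas and Christopher make the same point: in an iptables-save file the *nat header already selects the table, so a rule line must not carry -t. The linter below is an added example (not code from the thread or from CentOS) that catches that mistake, plus unbalanced *table/COMMIT sections and a REDIRECT placed outside the nat table, so the file can be checked before "service iptables restart"; the sample rule set is a constructed, abridged version of the config posted above.

```python
import re

# iptables-restore rejects a -t/--table option on a rule line: the *TABLE
# header already selects the table ("Line N seems to have a -t table option.").
TABLE_OPT = re.compile(r"(?:^|\s)(?:-t|--table)(?:\s|$)")

def lint_iptables_save(text):
    """Return [(line_number, message), ...] for an iptables-save file; [] when clean."""
    problems = []
    table = None  # name of the *table section currently open
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#:":  # blank, comment, or ":CHAIN policy [pkts:bytes]"
            continue
        if line.startswith("*"):  # "*filter", "*nat", ...
            if table is not None:
                problems.append((n, "*%s opened before COMMIT of *%s" % (line[1:].split()[0], table)))
            table = line[1:].split()[0]
        elif line == "COMMIT":
            if table is None:
                problems.append((n, "COMMIT outside any table section"))
            table = None
        elif line.startswith(("-A ", "-I ")):  # a rule
            if table is None:
                problems.append((n, "rule appears before any *table line"))
            if TABLE_OPT.search(line):
                problems.append((n, "drop the -t option; the *%s header already selects the table" % table))
            if "-j REDIRECT" in line and table != "nat":
                problems.append((n, "REDIRECT is only valid in the nat table, not *%s" % table))
        else:
            problems.append((n, "unrecognised line: %s" % line))
    if table is not None:
        problems.append((n, "*%s is never closed with COMMIT" % table))
    return problems

# Constructed sample: abridged /etc/sysconfig/iptables from the thread, with the
# nat section as first posted (still carrying "-t nat" on the rule line).
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
COMMIT
"""
FIXED = BROKEN.replace("-A PREROUTING -t nat ", "-A PREROUTING ")
```

The check is purely syntactic, needs no root and never touches the running firewall. Because REDIRECT rewrites the destination port in nat PREROUTING before the filter INPUT chain runs, the existing --dport 25 ACCEPT in RH-Firewall-1-INPUT is what admits the redirected connections, so no separate --dport 26 ACCEPT is needed in the filter table.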
Hi,
On Tue, Sep 15, 2009 at 07:43, CentOS List <centoslist@gmail.com> wrote:
<snip>
I suggest you use "iptables" commands to add and delete rules until you have set the firewall the way you want, and when everything is ready use the "service iptables save" command, which will write a new /etc/sysconfig/iptables with the rules you currently have. That way you don't risk having a syntax error or typo prevent your rules from loading during the next reboot.
If you want to preview the new file you can run "iptables-save", which will dump the rules to the console where you can inspect them.
I also suggest that you make regular backups of /etc/sysconfig/iptables, and that you make a backup just before running "service iptables save", just in case something goes wrong...
HTH, Filipe
2009/9/15 Filipe Brandenburger <filbranden@gmail.com>:
I suggest you use "iptables" commands to add and delete rules until you set the firewall the way you want, and when everything is ready use the "service iptables save" command, that will write a new /etc/sysconfig/iptables with the current rules you have.
Typing iptables commands alone may get boring, so you can also write your own script, with variables and stuff to make things easier and then use "service iptables save" when everything is OK. Keep your own script around so you can test new rules. But you can rest assured that if anything goes wrong, your firewall will always load the last saved set of rules. That's what I do and it works just fine for me.