I am forwarding traffic on port 8080 to port 80 with the following rule.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
# iptables-save
However, I am unable to add it directly in /etc/sysconfig/iptables. I think it is used only for filter table and not nat table. So where do nat table rules go? Any help?
- cs.
On Tue, Feb 8, 2011 at 1:36 PM, Carlos S neubyr@gmail.com wrote:
I am forwarding traffic on port 8080 to port 80 with the following rule.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
# iptables-save
However, I am unable to add it directly in /etc/sysconfig/iptables. I think it is used only for filter table and not nat table. So where do nat table rules go? Any help?
IIANM, *filter, *nat, and *mangle demark the beginning of rules for the respective tables in the iptables file. If you don't have any rules for a given table, you may not have that marker.
HTH, -Bob
On Tue, Feb 08, 2011 at 12:36:44PM -0600, Carlos S wrote:
I am forwarding traffic on port 8080 to port 80 with the following rule.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
# iptables-save
However, I am unable to add it directly in /etc/sysconfig/iptables. I think it is used only for filter table and not nat table. So where do nat table rules go? Any help?
cs.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Here's how I have it set up on a box where I'm doing something similar, but for ssh:
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*nat
:PREROUTING ACCEPT [38:3177]
:POSTROUTING ACCEPT [77:6468]
:OUTPUT ACCEPT [77:6468]
-A PREROUTING -s <ADDRESS> -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 4022
COMMIT
# Completed on Fri Sep 17 10:39:51 2010
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [660935177:1131719310086]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
(Normal iptables config continues)
Also, once you add the rule with the iptables command, have you tried iptables-save? That should give you a dump of all the rules that are in effect.
Joe
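Added example, not part of any post in this thread: a shell sketch that reads a ruleset in the iptables-save format used by /etc/sysconfig/iptables, lists the rules under a given table marker, and flags a table section that has no closing COMMIT. The sample ruleset is constructed; its nat rule is the one from the question, while the filter rules and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (the layout of /etc/sysconfig/iptables).
# The nat rule is the one from the thread; the filter rules are assumptions.
# nat PREROUTING runs before filter INPUT, so INPUT sees the redirected port 80, not 8080.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Print the -A rules that sit under the "*<table>" marker; ruleset is read on stdin.
rules_in_table() {
    awk -v want="*$1" '
        /^\*/          { in_t = ($0 == want); next }
        $0 == "COMMIT" { in_t = 0; next }
        in_t && /^-A / { print }
    '
}

# Print each table whose section is not closed by COMMIT before the next
# "*table" marker or end of file; exit status is 1 if any such table exists.
unterminated_tables() {
    awk '
        /^\*/ { if (cur != "") { print cur; bad = 1 } cur = substr($0, 2); next }
        $0 == "COMMIT" { cur = ""; next }
        END { if (cur != "") { print cur; bad = 1 } exit bad + 0 }
    '
}

echo "nat rules:"
sample_rules | rules_in_table nat
sample_rules | unterminated_tables || echo "table section without COMMIT"
```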
On Tuesday 08 February 2011 13:36, Carlos S wrote:
I am forwarding traffic on port 8080 to port 80 with the following rule.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
Shouldn't that be '--to-ports'?
http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET
# iptables-save
service iptables save
That should save the rules.
However, I am unable to add it directly in /etc/sysconfig/iptables. I think it is used only for filter table and not nat table. So where do nat table rules go? Any help?
Same place, /etc/sysconfig/iptables.
Thanks for the help.
Robert, you pointed out the mistakes correctly. Not sure why I used the iptables-save command in the first place...
-- cs.
On Tue, Feb 8, 2011 at 2:08 PM, Robert Spangler mlists@zoominternet.net wrote:
On Tuesday 08 February 2011 13:36, Carlos S wrote:
I am forwarding traffic on port 8080 to port 80 with the following rule.
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
Shouldn't that be '--to-ports'?
http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET
# iptables-save
service iptables save
That should save the rules.
However, I am unable to add it directly in /etc/sysconfig/iptables. I think it is used only for filter table and not nat table. So where do nat table rules go? Any help?
Same place, /etc/sysconfig/iptables.
--
Regards Robert
Linux The adventure of a lifetime.
Linux User #296285 Get Counted http://counter.li.org/
On Tuesday 08 February 2011 16:43, Carlos S wrote:
Thanks for the help.
You are welcome.
Robert, you pointed out the mistakes correctly. Not sure why I used the iptables-save command in the first place...
Most likely because in every other distro and web page that is the way to do it. It's just RH that is different.