iptables -- trying to redirect, but doesn't work (and related guru question)

John G. Norman john.g.norman at gmail.com
Mon May 2 13:30:28 UTC 2005


Trevor,

THANKS for the reply, but that didn't work. In fact, -j REDIRECT to a
certain port and -j DNAT are equivalent (though with DNAT you have to
say "--to 192.168.10.101:8080" (give an IP and a port)). (For just one
explanation of this, see
http://www.linuxsecurity.com/content/view/117557/49/ where they note:
"REDIRECT: This is a specialized case of DNAT that alters the
destination IP address to send the packet to the machine itself. This
is useful in circumstances where one wishes to redirect web traffic to
a local proxy server, such as squid.")

In any case, I tried your suggestion:

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.10.101:8080

Still doesn't work.

My related guru question is: How can I tell on a running system if the
kernel was compiled with "fast switching" for the network? Apparently
this has to be set to OFF for this kind of redirection to work.

John

On 5/2/05, fedora-list-request at redhat.com
<fedora-list-request at redhat.com> wrote:
>    6. Re: iptables -- trying to redirect, but doesn't work
>       (Trevor "TeC" Christian)
> ------------------------------
> 
> Message: 6
> Date: Sun, 01 May 2005 23:15:33 -0400
> From: "Trevor \"TeC\" Christian" <trevor at bouyon.dalive.com>
> Subject: Re: iptables -- trying to redirect, but doesn't work
> To: john at 7fff.com, For users of Fedora Core releases
>         <fedora-list at redhat.com>
> Message-ID: <42759B55.2050100 at bouyon.dalive.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> John G. Norman wrote:
> 
> >Hi.
> >
> >I'm trying to redirect from one port to another with iptables
> >(destination NAT -- transparent proxying . . . e.g., "destination NAT"
> >in this article: http://www.linux-mag.com/content/view/849/2236/).
> >
> >I've done this many times before, including on SuSE and various
> >flavors of BSD (with ipfw).
> >
> >For some reason I can't get it to work on Fedora 3.
> >
> >I do have ip forwarding on (/proc/sys/net/ipv4/ip_forward shows 1)
> >
> >The command I am trying to use is:
> >
> >/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
> >
> >
> I think this should probably be
>         /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-port 8080
> 
> I believe that's what works for me...
> 
> --
> *Trevor "TeC" Christian*
> ------------------------------
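
The two checks this thread turns on, as an added example that is not part of the original messages: reading a kernel build config for one option, and listing the nat-table rules that redirect a given port. It assumes the "fast switching" option meant here is the 2.4-era CONFIG_NET_FASTROUTE; the function names and the sample config and rule dump are constructed for illustration.

```sh
#!/bin/sh
# Added example. Sample inputs are constructed, not from the poster's machine.
# On a live Fedora system the real inputs would be /boot/config-$(uname -r)
# and the output of iptables-save (run as root).

# kconfig_state FILE OPTION: print y, m, or "not set" for a kernel option.
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-not set}"
}

# nat_redirects FILE DPORT: print "CHAIN TARGET" for every nat-table rule
# that matches destination port DPORT and jumps to REDIRECT or DNAT.
nat_redirects() {
    awk -v port="$2" '
        /^\*/ { table = substr($0, 2) }        # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" {
            dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport == port && (target == "REDIRECT" || target == "DNAT"))
                print $2, target
        }' "$1"
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/config" <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NET_FASTROUTE is not set
CONFIG_IP_NF_NAT=m
EOF
cat > "$SAMPLE_DIR/rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF

echo "CONFIG_NET_FASTROUTE: $(kconfig_state "$SAMPLE_DIR/config" CONFIG_NET_FASTROUTE)"
echo "port 80 nat rules:    $(nat_redirects "$SAMPLE_DIR/rules" 80)"
```

The chain name in the output matters when testing: nat PREROUTING only sees packets arriving on an interface, while connections opened from the box itself traverse nat OUTPUT instead.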



