alfresco and iptables
Craig White
craigwhite at azapple.com
Sun Dec 9 20:28:29 UTC 2007
On Sun, 2007-12-09 at 14:19 -0600, Les Mikesell wrote:
> Craig White wrote:
> >>
> >> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 \
> >> -j REDIRECT --to-ports 1445
> >> iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 \
> >> -j REDIRECT --to-ports 1445
> > ----
> > the thing I can't figure out is why they don't show up...
> > # iptables -L
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > even though, I just executed...
>
> You need to explicitly list the nat table:
>
> iptables --list -t nat
----
OK - cool, they're there (line wrapping certain to occur but I'm not
gonna fix it)
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:microsoft-ds redir ports 1445
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:netbios-ssn redir ports 1139
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-ns redir ports 1137
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-dgm redir ports 1138
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:microsoft-ds redir ports 1445
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp
dpt:netbios-ssn redir ports 1139
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-dgm redir ports 1138
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp
dpt:netbios-ns redir ports 1137
----
>
>
> > -A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT
> > --to-ports 1139
> > -A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT
> > --to-ports 1139
>
> >
> > At any rate, this hasn't changed anything ;-(
>
>
> I don't think you need the '-m udp/tcp' entries but I'm not sure if they
> hurt anything.
----
I really didn't, I just did a 'service iptables save' and then listed
the output of /etc/sysconfig/iptables just to see what rules were in
place. Evidently, when you save the current rule set by 'service
iptables save', it added the -m tcp/udp designations.
Craig
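
Added example, not part of the original message: a small Python sketch that groups the rules in an iptables-save style file by table (the REDIRECT rules live under `*nat`, while a plain `iptables -L` lists only the filter table) and compares a rule as typed with the same rule as saved, treating a `-m tcp` that repeats `-p tcp` as equivalent. The sample text is constructed from the rules quoted in the thread, the function names are hypothetical, and negated (`!`) matches are not handled.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules in the thread.
SAVED = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
# The PREROUTING rule as typed in the thread (without "iptables -t nat").
TYPED = "-A PREROUTING -p tcp -d 192.168.3.8 --dport 445 -j REDIRECT --to-ports 1445"

def rules_by_table(text):
    """Group '-A' lines under the '*table' header they follow."""
    tables, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            current = line[1:]
            tables[current] = []          # a table with no rules still appears
        elif line.startswith("-A") and current is not None:
            tables[current].append(line)
    return tables

def canonical(rule):
    """Options of a rule as a set, ignoring order and a '-m X' that repeats '-p X'."""
    toks = shlex.split(rule)
    proto = toks[toks.index("-p") + 1] if "-p" in toks else None
    opts, i = set(), 0
    while i < len(toks):
        flag, args = toks[i], []
        i += 1
        while i < len(toks) and not toks[i].startswith("-"):
            args.append(toks[i])
            i += 1
        if not (flag == "-m" and args == [proto]):
            opts.add((flag, tuple(args)))
    return frozenset(opts)

if __name__ == "__main__":
    tables = rules_by_table(SAVED)
    for name, rules in tables.items():
        print(f"{name}: {len(rules)} rule(s)")
    print("typed == saved:", canonical(TYPED) == canonical(tables["nat"][0]))
```
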