I am forwarding traffic on port 8080 to port 80 with following rule.

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
# iptables-save

However, I am unable to add it directly in /etc/sysconfig/iptables. I think it is used only for filter table and not nat table. So where do nat table rules go? Any help?

- cs.

On Tue, Feb 8, 2011 at 1:36 PM, Carlos S <neubyr at gmail.com> wrote:
> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80
> # iptables-save
>
> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?
>

IIANM, *filter, *nat, and *mangle demark the beginning of rules for the respective tables in the iptables file. If you don't have any rules for a given table, you may not have that marker.

HTH,
-Bob

On Tue, Feb 08, 2011 at 12:36:44PM -0600, Carlos S wrote:
> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80
> # iptables-save
>
> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?
>
> -
> cs.

Here's how I have it set up on a box where I'm doing something similar, but for ssh:

# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*nat
:PREROUTING ACCEPT [38:3177]
:POSTROUTING ACCEPT [77:6468]
:OUTPUT ACCEPT [77:6468]
-A PREROUTING -s <ADDRESS> -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 4022
COMMIT
# Completed on Fri Sep 17 10:39:51 2010
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [660935177:1131719310086]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
(Normal iptables config continues)

Also, once you add the rule with the iptables command, have you tried iptables-save? That should give you a dump of all the rules that are in effect.

Joe

On Tuesday 08 February 2011 13:36, Carlos S wrote:
> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80

Shouldn't that be '--to-ports'?
http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET

> # iptables-save

service iptables save

That should save the rules.

> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?

Same place, /etc/sysconfig/iptables.

--
Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted http://counter.li.org/
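
Added example, not written by any of the posters above: a small check for the file layout the replies describe, where every rule must sit between a table marker (*nat, *filter, *mangle) and that table's COMMIT. The sample rules file and the function names sample_rules and check_tables are constructed for illustration.

```shell
#!/bin/sh
# Added example. sample_rules prints a constructed /etc/sysconfig/iptables-style
# file: the thread's 8080 -> 80 redirect under *nat, then a small *filter table.
sample_rules() {
cat <<'EOF'
# constructed sample, not output from a real host
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# check_tables reads iptables-save text on stdin and prints one summary line per
# table. It exits non-zero when a line sits outside a *table ... COMMIT block
# (for example a nat rule pasted in without its *nat marker) or COMMIT is missing.
check_tables() {
awk '
  /^#/ || /^[ \t]*$/ { next }                      # comments and blank lines
  /^\*/ {                                          # table marker: *nat, *filter, ...
    if (table != "") { printf "error: *%s has no COMMIT\n", table; bad = 1 }
    table = substr($0, 2); chains = 0; rules = 0; next
  }
  table == "" { printf "error: line %d is outside any table: %s\n", NR, $0; bad = 1; next }
  /^COMMIT$/ { printf "%s chains=%d rules=%d\n", table, chains, rules; table = ""; next }
  /^:/   { chains++; next }                        # chain policy and counters
  /^-A / { rules++; next }                         # appended rule
  { printf "error: line %d not understood: %s\n", NR, $0; bad = 1 }
  END {
    if (table != "") { printf "error: *%s has no COMMIT\n", table; bad = 1 }
    exit bad + 0
  }
'
}

sample_rules | check_tables
```

To check a real file, feed it on stdin, e.g. check_tables < /etc/sysconfig/iptables, before restarting the iptables service.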