Hi,

I have an existing iptables as follows:-

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

How do I add a redirect port 26 to 25. I had googled the net and noticed that the syntax is different

iptables -A INPUT -p tcp --dport 26 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25

regards
LC

CentOS List wrote:
> Hi,
>
> I have an existing iptables as follows:-
>
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> How do I add a redirect port 26 to 25. I had googled the net and noticed that
> the syntax is different
>
> iptables -A INPUT -p tcp --dport 26 -j ACCEPT
> iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25
>

*nat
# Manipulate nat table
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 26 -j REDIRECT --to-port 25
COMMIT

Hi,

On Tue, Sep 15, 2009 at 07:43, CentOS List <centoslist at gmail.com> wrote:
> How do I add a redirect port 26 to 25. I had googled the net and noticed that
> the syntax is different
>
> iptables -A INPUT -p tcp --dport 26 -j ACCEPT
> iptables -A PREROUTING -t nat -p tcp --dport 26 -j REDIRECT --to-port 25

I suggest you use "iptables" commands to add and delete rules until you set the firewall the way you want, and when everything is ready use the "service iptables save" command, that will write a new /etc/sysconfig/iptables with the current rules you have. That way you don't risk having a syntax error or typo prevent your rules from loading during the next reboot.

If you want to preview the new file you can run "iptables-save" that will dump the rules to the console where you can inspect them.

I also suggest that you make regular backups of /etc/sysconfig/iptables and that you do a backup just before running "service iptables save" just in case something goes wrong...

HTH,
Filipe
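
Added example, not part of the thread: an offline lint for an iptables-save style file, aimed at the syntax error or typo that would stop the rules loading at the next reboot. The names check_rules and sample_rules and the sample ruleset are constructed for illustration. The lint also checks that the port a REDIRECT points at is accepted in the filter table, because the redirect is applied in PREROUTING and the filter rules then see the packet on port 25, not 26.

```shell
#!/bin/sh
# check_rules [FILE]: lint an iptables-save style file (stdin when FILE is omitted).
# Hypothetical helper; prints one line per problem, returns non-zero if any.
# Chains are not followed: any ACCEPT --dport in *filter counts as "accepted".
check_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^\*/ { if (tbl != "") bad("table " tbl " has no COMMIT")
            tbl = substr($1, 2); next }         # start of a table section
    $1 == "COMMIT" { if (tbl == "") bad("COMMIT outside a table"); tbl = ""; next }
    /^:/ { next }                               # chain declarations
    $1 == "-A" {
        if (tbl == "") bad("rule outside a table: " $0)
        port = ""; redir = ""; target = ""
        for (i = 2; i <= NF; i++) {
            # iptables-restore takes the table from the *name line, not from -t
            if ($i == "-t" || $i == "--table") bad("-t inside restore file: " $0)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--to-port" || $i == "--to-ports") redir = $(i + 1)
        }
        if (tbl == "filter" && target == "ACCEPT" && port != "") open[port] = 1
        if (tbl == "nat" && target == "REDIRECT" && redir != "") want[redir] = port
        next
    }
    { bad("unrecognised line: " $0) }
    END {
        if (tbl != "") bad("table " tbl " has no COMMIT")
        for (p in want) if (!(p in open))
            bad("port " want[p] " redirects to " p ", which filter does not accept")
        exit (errs > 0)
    }
    function bad(msg) { print "line " NR ": " msg; errs++ }
    ' "${1:--}"
}

# Constructed sample: filter accepts 25, nat redirects 26 to 25.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 26 -j REDIRECT --to-port 25
COMMIT
EOF
}

sample_rules | check_rules && echo "rules file OK"
```

On the firewall itself the same function can be fed the live rules with "iptables-save | check_rules" before running "service iptables save".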