Forward connections on 0.0.0.0:80 to 127.0.0.1:9091

9,829

Solution 1

This should do the trick:

iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 \
          -j REDIRECT --to-ports 127.0.0.1:9091
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 \
          -j REDIRECT --to-ports 127.0.0.1:9090

Solution 2

You could try enabling routing to localhost in the kernel:
sysctl -w net.ipv4.conf.eth0.route_localnet=1 when eth0 is the NIC of the machine.

See accepted answer on this post: https://unix.stackexchange.com/questions/111433/iptables-redirect-outside-requests-to-127-0-0-1
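The two answers describe the two ways of getting an inbound port to a daemon that listens on 127.0.0.1. REDIRECT takes only a port or port range (the 127.0.0.1:9091 form in Solution 1 is what produces the "Bad value for --to-ports" error quoted in the comments) and rewrites the destination to the primary address of the incoming interface, so the daemon must listen on that address rather than only on 127.0.0.1. DNAT to an explicit 127.0.0.1:port keeps the daemon bound to loopback but, as Solution 2 says, needs route_localnet=1 on the interface. The script below is an added example and is not code from either answer or from the Tor project; the file name, the function names and the --apply flag are assumptions, and the interface and ports default to the values in the question.

```shell
#!/bin/sh
# Added example (not from the answers or from Tor): build and apply the nat
# rules that forward inbound :80/:443 to a daemon bound on 127.0.0.1:9091/9090.
# Hypothetical names: this file (tor-nat.sh), the functions below, --apply.
IFACE="${IFACE:-eth0}"   # the question's interface; override via environment

# A single TCP port, 1-65535, digits only.
port_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# REDIRECT --to-ports accepts a port or a port range, never an address.
# "127.0.0.1:9091" is therefore rejected here, as iptables itself does.
redirect_target_ok() {
    case "$1" in
        *-*) port_ok "${1%%-*}" && port_ok "${1#*-}" ;;
        *)   port_ok "$1" ;;
    esac
}

# Rule arguments (after "-t nat PREROUTING") for the two ways of reaching
# the daemon:
#   redirect  - destination becomes the primary address of $IFACE, so the
#               daemon must listen there (or on 0.0.0.0), not only on 127.0.0.1
#   dnat      - destination becomes 127.0.0.1:<port>; the kernel only routes
#               that for packets from a real interface when route_localnet=1
nat_rule_args() {
    local mode dport target
    mode=$1; dport=$2; target=$3
    port_ok "$dport" || return 1
    case "$mode" in
        redirect)
            redirect_target_ok "$target" || return 1
            printf '%s\n' "-p tcp -i $IFACE --dport $dport -j REDIRECT --to-ports $target" ;;
        dnat)
            port_ok "$target" || return 1
            printf '%s\n' "-p tcp -i $IFACE --dport $dport -j DNAT --to-destination 127.0.0.1:$target" ;;
        *)  return 1 ;;
    esac
}

# Idempotent append: -C checks for an identical rule, -A adds it only if absent,
# so re-running the script does not stack duplicate rules.
ensure_rule() {
    local args
    args=$(nat_rule_args "$1" "$2" "$3") || { echo "invalid rule: $*" >&2; return 1; }
    # word splitting of $args is intended
    iptables -t nat -C PREROUTING $args 2>/dev/null || iptables -t nat -A PREROUTING $args
}

# Required for the dnat variant only (Solution 2 above).
enable_route_localnet() {
    sysctl -w "net.ipv4.conf.$IFACE.route_localnet=1"
}

main() {
    enable_route_localnet
    ensure_rule dnat 443 9090   # ORPort  127.0.0.1:9090 in the question's torrc
    ensure_rule dnat 80  9091   # DirPort 127.0.0.1:9091
    iptables -t nat -L PREROUTING -n -v
}

# Defining the functions has no side effects; the system is touched only on request.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Run it as root with --apply to install the dnat rules and the sysctl; the rules are appended only if an identical one is not already present. The redirect mode corresponds to what Ihmahr's comment ended up using (--to-ports 9030): it avoids route_localnet, but only works if the daemon is bound to the interface address or 0.0.0.0 rather than to 127.0.0.1 alone.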

Author: azzid

Updated on September 18, 2022

Comments

  • azzid
    azzid over 1 year

    I'm trying to set up a tor-relay.

    In order to allow tor to present a static web page explaining what it is I want the server to listen on port 80 and 443.

    In order to allow tor to use accounting/hibernation (throttle bandwidth after a data limit has been reached) I need the process to bind to >1024 port numbers (so that a non-privileged user can rebind the ports I guess).

    Hence my tor configuration looks like this:

    ORPort 443 NoListen
    ORPort 127.0.0.1:9090 NoAdvertise
    DirPort 80 NoListen
    DirPort 127.0.0.1:9091 NoAdvertise
    DirPortFrontPage /etc/tor/tor-exit-notice.html
    

    After starting the server I can access the html-file locally:

    $ wget 127.0.0.1:9091                                  
    --2013-08-12 14:27:49--  http://127.0.0.1:9091/
    Connecting to 127.0.0.1:9091... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 6762 (6.6K) [text/html]
    Saving to: `index.html'
    
    100%[=============================>] 6,762       --.-K/s   in 0.005s  
    
    2013-08-12 14:28:15 (1.21 MB/s) - `index.html' saved [6762/6762]
    

    And the ports seem opened properly:

    $ sudo netstat -lnp | grep tor
    tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      6328/tor        
    tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      6328/tor        
    tcp        0      0 127.0.0.1:9091          0.0.0.0:*               LISTEN      6328/tor
    

    In order to get the last part working, where connections on 0.0.0.0:80 are redirected to 127.0.0.1:9091, I've tried using iptables.

    $ sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 443 -j DNAT --to-destination 127.0.0.1:9090
    $ sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 127.0.0.1:9091
    $ sudo iptables -t nat -L -n
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination         
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:127.0.0.1:9090
    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:127.0.0.1:9091
    
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination         
    

    But when I connect to the external ip on port 80 I get no response.

    I've tried with ip_forward both on and off, neither works:

    $ sudo sysctl net.ipv4.ip_forward=1
    net.ipv4.ip_forward = 1
    $ sudo sysctl net.ipv4.ip_forward=0
    net.ipv4.ip_forward = 0
    

    I've even tried MASQUERADE-ing, but it doesn't work, and I don't think it should be necessary:

    $ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
    

    I've also tried PREROUTING per suggestion below, but it does not work:

    $ sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-port 127.0.0.1:9091
    iptables v1.4.14: REDIRECT: Bad value for "--to-ports" option: "127.0.0.1:9091"
    Try `iptables -h' or 'iptables --help' for more information.
    

    What am I doing wrong?

    The server is a Raspberry Pi, running wheezy with only the built-in network interface connected directly to the internet with a public ip.

  • azzid
    azzid over 10 years
    Does not seem to work. iptables v1.4.14: REDIRECT: Bad value for "--to-ports" option: "127.0.0.1:9091"
  • Ihmahr
    Ihmahr over 10 years
    Didn't work, but this did: sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j REDIRECT --to-ports 9030