How to redirect a port using IPTables in Red Hat Linux (RHEL)?

Solution 1

Does the file /etc/sysconfig/iptables have the correct structure for iptables-restore?

Try adding this rule manually to the firewall:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

Then compare /etc/sysconfig/iptables with the output of the iptables-save command.
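
The structure check this answer suggests, as an added example that is not part of the original answer: iptables-restore reads the iptables-save format, in which a header line such as *nat names the table for every rule up to the next COMMIT, so a rule line must not carry its own -t option. The function names and both sample files are constructed for illustration.

```shell
# Lint an iptables-save format file before iptables-restore reads it.
# Prints one finding per line; returns non-zero if there are any findings.
lint_iptables_file() {
    awk '
    function bad(msg) { printf "line %d: %s\n", NR, msg; n++ }
    /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
    /^\*/ {                                        # table header such as "*nat"
        if (table != "") bad("*" table " was not closed with COMMIT")
        table = substr($1, 2); next
    }
    $1 == "COMMIT" { if (table == "") bad("COMMIT outside a table section"); table = ""; next }
    table == ""    { bad("line is outside any *table section"); next }
    /^:/           { next }                        # chain declaration
    {
        for (i = 1; i < NF; i++)                   # rule line: look for a table option
            if ($i == "-t" || $i == "--table")
                bad("rule has " $i " " $(i+1) "; move it under *" $(i+1) " and drop the option")
    }
    END {
        if (table != "") { printf "end of file: *%s has no COMMIT\n", table; n++ }
        exit (n > 0)
    }' "$1"
}

# Constructed sample: the rule from the question pasted into the filter section.
write_broken_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
EOF
}

# Constructed sample: the same redirect in its own nat section, without -t.
write_fixed_sample() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
COMMIT
EOF
}
```

Run lint_iptables_file against a copy of the rules file before restarting the service, so a malformed file is caught before the running rules are flushed.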

Solution 2

This is your iptables rule:

-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

But I believe it should be something like this instead:

-A PREROUTING -t nat -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

Note the -m tcp is added. While -p tcp matches the protocol of the rule or of the packet to check, -m tcp explicitly tells IPTables to match a TCP packet. It seems confusing, but from all I know, -p tcp needs to be paired with -m tcp when port-specific rules are invoked.

If someone else can expand the rationale/logic behind this requirement please chime in about it in the comments.

Author by

Ondra Žižka

Updated on September 18, 2022

Comments

  • Ondra Žižka over 1 year

    I'd like to forward port 80 to 8080. So I tried to edit /etc/sysconfig/iptables:

    -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
    

    But got:

    # service iptables restart
    iptables: Flushing firewall rules:                         [  OK  ]
    iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
    iptables: Unloading modules:                               [  OK  ]
    iptables: Applying firewall rules: iptables-restore v1.4.7: 
              Line 8 seems to have a -t table  option.
    

    What's the problem? How should it be done?

  • Daniel B over 8 years
    The -m tcp is added automatically because -p tcp is specified. You can see this when you execute iptables-save. While iptables can be quite complex, it does its best to aid the user.