How to redirect a port using IPTables in Red Hat Linux (RHEL)?
Solution 1
Does the file /etc/sysconfig/iptables have the correct structure for iptables-restore?
Try to add this rule manually to the firewall:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
And compare /etc/sysconfig/iptables with the output of the iptables-save command.
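Added example (not part of either answer or of the original question): a file read by iptables-restore names the table once in a *nat header line and its rule lines carry no -t option, which is what the error in the question is about. The rule sets below are constructed, and check_restore_file is a hypothetical helper that flags the broken layout and accepts the corrected one.

```bash
#!/usr/bin/env bash
# Added example. Sample rule sets are constructed; function names are hypothetical.

broken_sample() {   # rule with -t inside *filter, as in the question (line 8)
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
EOF
}

fixed_sample() {    # same redirect, placed in its own *nat section, no -t
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

# Reads a restore file on stdin, prints findings, returns 1 if any were found.
check_restore_file() {
awk '
NF == 0 || $1 ~ /^#/ { next }
substr($1, 1, 1) == "*" { if (tbl != "") err("missing COMMIT for *" tbl); tbl = substr($1, 2); next }
$1 == "COMMIT" { if (tbl == "") err("COMMIT outside a table section"); tbl = ""; next }
{ if (tbl == "") err("rule or chain outside a *table section")
  for (i = 1; i < NF; i++) if ($i == "-t" || $i == "--table")
      err("-t " $(i+1) " is not allowed in a restore file; move the rule under *" $(i+1)) }
END { if (tbl != "") err("missing COMMIT for *" tbl); exit bad + 0 }
function err(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
'
}

broken_sample | check_restore_file || echo "broken sample rejected"
fixed_sample  | check_restore_file && echo "fixed sample accepted"
```

The same check can be run against a real file with check_restore_file < /etc/sysconfig/iptables before restarting the service.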
Solution 2
This is your iptables rule:
-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
But I believe it should be something like this instead:
-A PREROUTING -t nat -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
Note the -m tcp is added. While -p tcp matches the protocol of the rule or of the packet to check, -m tcp explicitly tells IPTables to match a TCP packet. It seems confusing, but from all I know, -p tcp needs to be paired with -m tcp when port specific rules are invoked.
If someone else can expand the rationale/logic behind this requirement please chime in about it in the comments.
Ondra Žižka
Updated on September 18, 2022
Comments
-
Ondra Žižka over 1 year
I'd like to forward port 80 to 8080. So I tried to edit /etc/sysconfig/iptables:
-A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
But got:
# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore v1.4.7: Line 8 seems to have a -t table option.
What's the problem? How should it be done?
-
Daniel B over 8 years
The -m tcp is added automatically because -p tcp is specified. You can see this when you execute iptables-save. While iptables can be quite complex, it does its best to aid the user.
-
Daniel B over 8 years