persist port routing from 80 to 8080
Solution 1
You can add this command in /etc/rc.local
, so it will be executed automatically after reboot .
Solution 2
Use the iptables-save
command instead.
Firewall rules should never go into rc.local
script. rc.local
is the last thing to be executed. If a block rule has been placed into rc.local
there is a small time frame where an attacker can exploit a rule not being in place.
While it probably doesn't matter with this situation, it is still best to not get into a bad habit that may bite you later.
Solution 3
Here is how the official iptables' documentation teaches us. See here
Add these two lines in /etc/network/interfaces
:
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
The line post-down iptables-save > /etc/iptables.rules
will save the rules to be used on the next boot.
Related videos on Youtube
Ph0en1x
Founder and architect in Centaurea (http://centaurea.io) - awesome software development and consulting company that specialises in construction of high-load, scalable, distributed and Big Data processing systems.
Updated on September 18, 2022Comments
-
Ph0en1x over 1 year
I use amazon EC2 instance which works via ubuntu. By default according security restrictions I can't bin my application to port 80, so I just bind it port 8080 and then set routing redirect from port 80 to 8080 via the following command:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8080
But I found that when I reboot the server this settings no longer active untill I invoke this command again.
So my question is how to enable port's redirect work even if system was rebooted?
-
Ph0en1x about 10 yearsAlready did that, but still thanks for the answer
-
nux about 10 yearswelcome my friend , thats a good trick
-
Dirk Groeneveld over 8 yearsThis works, but the real answer is @MeOMy's answer below.
-
birgersp about 8 yearsran "sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 8080" and "sudo iptables-save". But routing was reset on reboot. Did I misunderstand how to do this?
-
Thomas Ward over 7 yearsThe answer is incomplete.
iptables-save > some-file-path
saves the rules, and then you would restore them viaiptables-restore < some-file-path
inrc.local
. Or installiptables-persistent
which does this during boot as a service. -
DeeJayh about 7 yearsKudos for using the officially recommended method and, in this case, simplest method, to complete this task. I'd +2 if I could for using the KISS method.
-
birgersp almost 6 yearsI'd like to understand how to do this. Be more specific, please