Re: iptables -- trying to redirect, but doesn't work (and related guru question)
From: John G. Norman (john.g.norman_at_gmail.com)
Date: 05/02/05
- Previous message: Mark Haney: "Xorg configuration"
- Next in thread: David Cary Hart: "Re: iptables -- trying to redirect, but doesn't work (and related guru question)"
- Reply: David Cary Hart: "Re: iptables -- trying to redirect, but doesn't work (and related guru question)"
- Reply: Alexander Dalloz: "Re: iptables -- trying to redirect, but doesn't work (and related guru question)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 2 May 2005 09:30:28 -0400 To: fedora-list@redhat.com
Trevor,
THANKS for the reply, but that didn't work. In fact, -j REDIRECT to a
certain port and -j DNAT are equivalent (though with DNAT you have to
say "--to 192.168.10.101:8080 (give an IP and a port). (For just one
explanation of this, see
http://www.linuxsecurity.com/content/view/117557/49/ where they note:
"REDIRECT: This is a specialized case of DNAT that alters the
destination IP address to send the packet to the machine itself. This
is useful in circumstances where one wishes to redirect web traffic to
a local proxy server, such as squid."
In any case, I tried your suggestion:
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
192.168.10.101:8080
Still doesn't work.
My related guru question is: How can I tell on a running system if the
kernel was compiled with "fast switching" for the network? Apparently
this has to be set to OFF for this kind of redirection to work.
John
On 5/2/05, fedora-list-request@redhat.com
<fedora-list-request@redhat.com> wrote:
> 6. Re: iptables -- trying to redirect, but doesn't work
> (Trevor "TeC" Christian)
> ------------------------------
>
> Message: 6
> Date: Sun, 01 May 2005 23:15:33 -0400
> From: "Trevor \"TeC\" Christian" <trevor@bouyon.dalive.com>
> Subject: Re: iptables -- trying to redirect, but doesn't work
> To: john@7fff.com, For users of Fedora Core releases
> <fedora-list@redhat.com>
> Message-ID: <42759B55.2050100@bouyon.dalive.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> John G. Norman wrote:
>
> >Hi.
> >
> >I'm trying to redirect from one port to another with iptables
> >(destination NAT -- transparent proxying . . . e.g., "destination NAT"
> >in this article: http://www.linux-mag.com/content/view/849/2236/).
> >
> >I've done this many times before, including on SuSE and various
> >flavors of BSD (with ipfw).
> >
> >For some reason I can't get it to work on Fedora 3.
> >
> >I do have ip forwarding on (/proc/sys/net/ipv4/ip_forward shows 1)
> >
> >The command I am trying to use is:
> >
> >/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
> >REDIRECT --to-port 8080
> >
> >
> I think this should probably by
> /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-port 8080
>
> I believe that's what works for me...
>
> --
> *Trevor "TeC" Christian*
> Cell #: (767) 225 4472
> IM
> MSN: trevorc98@hotmail.com / trevor@bouyon.dalive.com
> YM : trevorc01
> AIM: DoubleOTeC
> ------------------------------------------------------------------------
> Curriculum Vitae (PDF) <http://bouyon.dalive.com/cv/curriculum_vitae.pdf>
> Curriculum Vitae (HTML) <http://bouyon.dalive.com/cv/curriculum_vitae.html>
>
> ------------------------------
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
- Previous message: Mark Haney: "Xorg configuration"
- Next in thread: David Cary Hart: "Re: iptables -- trying to redirect, but doesn't work (and related guru question)"
- Reply: David Cary Hart: "Re: iptables -- trying to redirect, but doesn't work (and related guru question)"
- Reply: Alexander Dalloz: "Re: iptables -- trying to redirect, but doesn't work (and related guru question)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
