On Thu, Aug 19, 2004 at 10:35:13PM +0200, Matej Kovac wrote:
> On Sat, Aug 14, 2004 at 06:04:20PM +0200, Martin Slouf wrote:
> >
> > I would like to have all requests to port 80 (nothing there) being
> > redirected to 8080 (tomcat waiting) _within_ the same machine.

it worked as i wanted -- the REDIRECT target is fine as found later in
documentation and so no DNAT or SNAT is needed. the working rules are:

    iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 \
        -p tcp --dport 80 -j REDIRECT --to-ports 8080
    iptables -t nat -I OUTPUT --src 0/0 --dst 127.0.0.1 \
        -p tcp --dport 80 -j REDIRECT --to-ports 8080

--dst is of course set to eth0 addr

my mistake and misunderstanding came from testing it with comp not
connected to network -- i was testing on localhost (as posted in
previous message) and my mistakes were:

1) i needed to redirect OUTPUT packets as well as incoming ones
   (PREROUTING chain)
2) i needed CONFIG_IP_NF_NAT_LOCAL=y in my kernel

that's all.

- - - -

and (simple) questions once more:

i'm using shorewall as my iptables scripts (i found it quite simple to
set up) and i'm quite satisfied with it. my questions are for shorewall
users.

1. when something is not set up correctly, the firewall ends up
   dropping all the packets -- that is not very good for distant
   management and this "feature" is forcing me to write my own firewall
   scripts to assure that ssh is always available at least. i was
   looking in config and startup files but did not find a simple
   solution -- when internally running iptables commands return with
   failure, the failure is not returned from shorewall scripts (all is
   returned as proper exit code 0) and so you can't react to exit code
   of underlying iptables commands -- any solutions (using debian
   stable version 1.2.12).

2. the above iptables commands i placed into '/etc/shorewall/common'
   file, 'cause i find no better suitable location for them -- is there
   a file for running special user iptables commands?

thx.

>
> aaaa, i just noticed that you are czech :) so hi :)

sure! greetings to slovakia! long live blackhole.sk!

m.
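
The two rules from the message above, applied so that a failing iptables call surfaces as a non-zero exit code and any rule already inserted is removed again. This is an added example, not code from the original message or from shorewall; `IPT`, the function names and the sample address are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message.
# IPT is an assumption: point it at a stub to dry-run without root.
IPT="${IPT:-iptables}"

# Run one nat-table operation (-I to insert, -D to delete) for the redirect.
# $1 = operation, $2 = chain, $3 = destination address,
# $4 = original port, $5 = port to redirect to
nat_redirect() {
    $IPT -t nat "$1" "$2" --dst "$3" -p tcp --dport "$4" \
        -j REDIRECT --to-ports "$5"
}

# Insert the redirect in PREROUTING (packets arriving from other hosts) and
# in OUTPUT (packets generated on this machine). If an insert fails, delete
# the rules already inserted and return the failing command's exit code, so
# the caller can react instead of being left with half a rule set.
apply_redirect() {
    dst=$1 from=$2 to=$3 applied=""
    for chain in PREROUTING OUTPUT; do
        if nat_redirect -I "$chain" "$dst" "$from" "$to"; then
            applied="$applied $chain"
        else
            rc=$?
            for undo in $applied; do
                nat_redirect -D "$undo" "$dst" "$from" "$to"
            done
            return "$rc"
        fi
    done
    return 0
}

# Usage (as root; 192.0.2.10 is a constructed sample address):
#   apply_redirect 192.0.2.10 80 8080 || exit 1
```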