Re: [CentOS] iptables nat table rules
On Tuesday 08 February 2011 16:43, Carlos S wrote:

> Thanks for the help.

You are welcome.

> Robert, you pointed out the mistakes correctly. Not sure why I used
> iptables-save command at first place...

Most likely because in every other distro and web page that is the way to do it.
It's just RH that it is different.

--
Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] iptables nat table rules
Thanks for the help.
Robert, you pointed out the mistakes correctly. Not sure why I used
iptables-save command at first place...

--
cs.

On Tue, Feb 8, 2011 at 2:08 PM, Robert Spangler wrote:
> On Tuesday 08 February 2011 13:36, Carlos S wrote:
>
>> I am forwarding traffic on port 8080 to port 80 with following rule.
>> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
>> REDIRECT --to-port 80
>
> Shouldn't that be '--to-ports'?
>
> http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET
>
>> # iptables-save
>
> service iptables save
>
> That should save the rules.
>
>> However, I am unable to add it directly in /etc/sysconfig/iptables. I
>> think it is used only for filter table and not nat table. So where do
>> nat table rules go? Any help?
>
> Same place, /etc/sysconfig/iptables.
>
> --
> Regards
> Robert

Re: [CentOS] iptables nat table rules
On Tuesday 08 February 2011 13:36, Carlos S wrote:

> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80

Shouldn't that be '--to-ports'?

http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET

> # iptables-save

service iptables save

That should save the rules.

> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?

Same place, /etc/sysconfig/iptables.

--
Regards
Robert

Re: [CentOS] iptables nat table rules
On Tue, Feb 08, 2011 at 12:36:44PM -0600, Carlos S wrote:
> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80
> # iptables-save
>
> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?
>
> -
> cs.

Here's how I have it set up on a box where I'm doing something similar,
but for ssh:

# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*nat
:PREROUTING ACCEPT [38:3177]
:POSTROUTING ACCEPT [77:6468]
:OUTPUT ACCEPT [77:6468]
-A PREROUTING -s -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 4022
COMMIT
# Completed on Fri Sep 17 10:39:51 2010
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [660935177:1131719310086]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT

(Normal iptables config continues)

Also, once you add the rule with the iptables command, have you tried
iptables-save? That should give you a dump of all the rules that are in
effect.

Joe

Re: [CentOS] iptables nat table rules
On Tue, Feb 8, 2011 at 1:36 PM, Carlos S wrote:
> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80
> # iptables-save
>
> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?
>

IIANM, *filter, *nat, and *mangle demark the beginning of rules for the
respective tables in the iptables file. If you don't have any rules for
a given table, you may not have that marker.

HTH,
-Bob

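
Added example, not part of any post in this thread: a ruleset in the /etc/sysconfig/iptables layout the replies describe, with a *nat section next to *filter, plus a check that every table section is closed by COMMIT. The function names and the filter rule are assumptions made for illustration; the sample ruleset is constructed.

```shell
#!/bin/sh
# Constructed sample in iptables-save layout. The nat rule is the thread's
# 8080 -> 80 redirect as iptables-save prints it; the filter rule is an
# assumption. REDIRECT runs in nat PREROUTING, before filter INPUT, so the
# filter table sees destination port 80, not 8080.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print "table rules=N committed=yes|no" for each
# *table section. Exit status is non-zero when a section has no COMMIT or a
# line sits outside any open section.
summarize_tables() {
awk '
  function emit() {
    if (t == "") return
    printf "%s rules=%d committed=%s\n", t, n, (c ? "yes" : "no")
    if (!c) bad = 1
  }
  /^#/ || /^[ \t]*$/ { next }                       # comments, blank lines
  /^\*/    { emit(); t = substr($1, 2); n = 0; c = 0; next }
  /^COMMIT/ { if (t == "") bad = 1; else c = 1; next }
  /^:/     { if (t == "") bad = 1; next }           # chain policy lines
  /^-/     { if (t == "" || c) bad = 1; else n++; next }
  END      { emit(); exit bad }
'
}

sample_ruleset | summarize_tables
```

On a live host the same check can be fed the saved file: `summarize_tables < /etc/sysconfig/iptables`.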
[CentOS] iptables nat table rules
I am forwarding traffic on port 8080 to port 80 with following rule.

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
# iptables-save

However, I am unable to add it directly in /etc/sysconfig/iptables. I
think it is used only for filter table and not nat table. So where do
nat table rules go? Any help?

-
cs.