Linux Archive

Tom Brown 10-23-2008 01:15 PM

iptables local forwarding
 
Hi

I am trying to forward port 80 to 8080 locally using iptables with the
following:

/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

However, this does not get put into the iptables configuration even after
running iptables-save.

Have I missed something along the way?

thanks

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

"Filipe Brandenburger" 10-23-2008 01:24 PM

Hi,

On Thu, Oct 23, 2008 at 09:15, Tom Brown <tom@ng23.net> wrote:
> However this does not get put into the iptables configuration even after
> running iptables-save

iptables-save will only output the rules in a way that
iptables-restore will be able to rebuild the rules from.

If what you want is for these rules to be up when you boot the
machine, what you want is probably "service iptables save", which will
use iptables-save to record these rules to /etc/sysconfig/iptables,
and a script automatically calls iptables-restore to read that file
upon boot.

HTH,
Filipe
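
The gap Filipe describes, between the running rules and the file that is restored at boot, as an added example that is not part of the original thread: it parses two iptables-save dumps and lists nat REDIRECT rules that are live but not saved. The function names and both sample dumps are constructed for illustration.

```shell
# Added example (not from the thread). Read an iptables-save dump on stdin;
# print "CHAIN PROTO DPORT TO_PORT" for each nat-table REDIRECT rule, sorted.
nat_redirects() {
    awk '
        /^\*/     { table = substr($0, 2); next }  # "*nat" / "*filter" header
        /^COMMIT/ { table = ""; next }             # end of that table
        table == "nat" && $1 == "-A" {
            proto = "any"; dport = "any"; to = "same"; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         proto  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (target == "REDIRECT") print $2, proto, dport, to
        }' | sort
}

# $1 = dump of the running rules, $2 = saved rules file.
# Prints the REDIRECT rules that exist only in $1 (not restored at boot).
unsaved_redirects() {
    live=$(mktemp); saved=$(mktemp)
    nat_redirects < "$1" > "$live"
    nat_redirects < "$2" > "$saved"
    comm -23 "$live" "$saved"
    rm -f "$live" "$saved"
}

# Constructed sample: running rules after the command from the thread.
sample_live() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: a saved file that only holds the filter table.
sample_saved() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
EOF
}
```

On a host, dump the running rules with `iptables-save > live.txt` and run `unsaved_redirects live.txt /etc/sysconfig/iptables`; any line printed is a redirect that is not in the file loaded at boot.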

Max Hetrick 10-23-2008 01:28 PM

Tom Brown wrote:
> I am trying to forward port 80 to 8080 locally using iptables with the
> following
>
> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> However this does not get put into the iptables configuration even after
> running iptables-save
>
> Have i missed something along the way?

Try adding it manually to the iptables config.

# vim /etc/sysconfig/iptables

And then restart iptables.

Regards,
Max

Chan Chung Hang Christopher 10-23-2008 01:53 PM

> Try adding it manually to the iptables config.
>
> # vim /etc/sysconfig/iptables
>
> And then restart iptables.

Not recommended. Do 'service iptables save' as Filipe posted.

Tom Brown 10-23-2008 02:01 PM

> iptables-save will only output the rules in a way that
> iptables-restore will be able to rebuild the rules from.
>
> If what you want is for these rules to be up when you boot the
> machine, what you want is probably "service iptables save", which will
> use iptables-save to record these rules to /etc/sysconfig/iptables,
> and a script automatically calls iptables-restore to read that file
> upon boot.

thanks - once added do I need to do anything to make these 'live'? I
imagine that an iptables restart will cut off current connections? Is
there not a 'reload' or similar?


thanks


Max Hetrick 10-23-2008 02:03 PM

Chan Chung Hang Christopher wrote:
> Not recommended. Do 'service iptables save' as Filipe posted.


I've never had any issues doing so. I know Johnny has recommended that
several times on the list as well. If he says it works, then I would say
it can't hurt. ;)


Regards,
Max

Chan Chung Hang Christopher 10-23-2008 02:20 PM

Tom Brown wrote:
> thanks - once added do i need to do anything to make these 'live' ? I
> imagine that a iptables restart will cut off current connections ? Is
> there not a 'reload' or similar?


The moment you run iptables to add a rule, that rule becomes live.

"Filipe Brandenburger" 10-23-2008 02:28 PM

Hi,

On Thu, Oct 23, 2008 at 10:01, Tom Brown <tom@ng23.net> wrote:
> thanks - once added do i need to do anything to make these 'live' ? I
> imagine that a iptables restart will cut off current connections ? Is there
> not a 'reload' or similar?

AFAIK, "service iptables restart" does not cut off current
connections. The stateful connections are kept by the conntrack
module, which I believe will not be cleared on a restart of iptables,
and "service iptables restart" also uses iptables-restore, which does
the changes atomically instead of one by one.

However, don't blindly follow what I'm saying here, this is all from
memory and I might be wrong. If you really need to know it, verify it
on a test environment before you do it on the production one.

HTH,
Filipe

Tom Brown 10-23-2008 02:37 PM

> AFAIK, "service iptables restart" does not cut off current
> connections. The stateful connections are kept by the conntrack
> module, which I believe will not be cleared on a restart of iptables,
> and "service iptables restart" also uses iptables-restore, which does
> the changes atomically instead of one by one.
>
> However, don't blindly follow what I'm saying here, this is all from
> memory and I might be wrong. If you really need to know it, verify it
> on a test environment before you do it on the production one.

yes of course - thanks for all assistance


Robert Spangler 10-23-2008 10:23 PM

On Thursday 23 October 2008 09:53, Chan Chung Hang Christopher wrote:

> > Try adding it manually to the iptables config.
> >
> > # vim /etc/sysconfig/iptables
> >
> > And then restart iptables.
>
> Not recommended. Do 'service iptables save' as Filipe posted.

You will need to explain why this is 'Not recommended'.
I do this all the time without issues.
In fact this is how I build my tables. No GUI or save options.


--

Regards
Robert

It is not just an adventure.
It is my job!!

Linux User #296285
http://counter.li.org

All times are GMT.