02-08-2011, 05:45 PM
Bob Beers

iptables nat table rules

On Tue, Feb 8, 2011 at 1:36 PM, Carlos S <neubyr@gmail.com> wrote:
> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80
> # iptables-save
>
> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?
>
IIANM, *filter, *nat, and *mangle demark the beginning of
rules for the respective tables in the iptables file. If you don't
have any rules for a given table, you may not have that marker.

HTH,
-Bob
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
02-08-2011, 06:05 PM
Joe DiTommasso

On Tue, Feb 08, 2011 at 12:36:44PM -0600, Carlos S wrote:
> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80
> # iptables-save
>
> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?
>
> -
> cs.

Here's how I have it set up on a box where I'm doing something similar, but for ssh:
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*nat
:PREROUTING ACCEPT [38:3177]
:POSTROUTING ACCEPT [77:6468]
:OUTPUT ACCEPT [77:6468]
-A PREROUTING -s <ADDRESS> -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 4022
COMMIT
# Completed on Fri Sep 17 10:39:51 2010
# Generated by iptables-save v1.3.5 on Fri Sep 17 10:39:51 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [660935177:1131719310086]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
(Normal iptables config continues)

Also, once you add the rule with the iptables command, have you tried iptables-save? That should give you a dump of all the rules that are in effect.
Joe
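
A way to check the file layout described above before loading it (an added example, not part of the original posts; the function names are hypothetical and both sample files are constructed). It walks a file in iptables-save format, tracks which table section each rule sits in, and flags nat-only targets that were placed under another table or sections that never reach COMMIT:

```shell
# Added example: lint a file in iptables-save format (/etc/sysconfig/iptables).
lint_iptables_file() {
    awk '
        /^#/ || /^[ \t]*$/ { next }               # comments and blank lines
        /^\*/ {                                    # table marker: *nat, *filter, *mangle
            if (table != "") { print "line " NR ": *" table " has no COMMIT"; bad++ }
            table = substr($0, 2); next
        }
        $0 == "COMMIT" { table = ""; next }        # closes the current table
        /^-A / {
            if (table == "") { print "line " NR ": rule outside any table"; bad++; next }
            target = ""
            for (i = 1; i < NF; i++) if ($i == "-j") target = $(i + 1)
            # These targets are only valid in the nat table.
            if (target ~ /^(REDIRECT|DNAT|SNAT|MASQUERADE)$/ && table != "nat") {
                print "line " NR ": " target " in *" table ", belongs in *nat"; bad++
            }
        }
        END {
            if (table != "") { print "EOF: *" table " has no COMMIT"; bad++ }
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: the 8080 -> 80 redirect in its own *nat section.
write_good_sample() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rule pasted under *filter by mistake.
write_bad_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
EOF
}
```

The function prints one finding per line and returns non-zero if anything was flagged, so it can gate a reload of the rules file.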
 
02-08-2011, 07:08 PM
Robert Spangler

On Tuesday 08 February 2011 13:36, Carlos S wrote:

> I am forwarding traffic on port 8080 to port 80 with following rule.
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
> REDIRECT --to-port 80

Shouldn't that be '--to-ports'?

http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET

> # iptables-save

service iptables save

That should save the rules.

> However, I am unable to add it directly in /etc/sysconfig/iptables. I
> think it is used only for filter table and not nat table. So where do
> nat table rules go? Any help?

Same place, /etc/sysconfig/iptables.


--

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/
 
02-08-2011, 08:43 PM
Carlos S

Thanks for the help.

Robert, you pointed out the mistakes correctly. Not sure why I used
iptables-save command at first place...

--
cs.

On Tue, Feb 8, 2011 at 2:08 PM, Robert Spangler <mlists@zoominternet.net> wrote:
> On Tuesday 08 February 2011 13:36, Carlos S wrote:
>
>> I am forwarding traffic on port 8080 to port 80 with following rule.
>> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j
>> REDIRECT --to-port 80
>
> Shouldn't that be '--to-ports'?
>
> http://www.zoominternet.net/~lazydog/iptables-tutorial.html#REDIRECTTARGET
>
>> # iptables-save
>
> service iptables save
>
> That should save the rules.
>
>> However, I am unable to add it directly in /etc/sysconfig/iptables. I
>> think it is used only for filter table and not nat table. So where do
>> nat table rules go? Any help?
>
> Same place, /etc/sysconfig/iptables.
>
>
> --
>
> Regards
> Robert
>
> Linux
> The adventure of a lifetime.
>
> Linux User #296285
> Get Counted
> http://counter.li.org/
 
02-09-2011, 12:30 PM
Robert Spangler

On Tuesday 08 February 2011 16:43, Carlos S wrote:

> Thanks for the help.

You are welcome.

> Robert, you pointed out the mistakes correctly. Not sure why I used
> iptables-save command at first place...

Most likely because in every other distro and web page that is the way to do
it. It's just RH that it is different.


--

Regards
Robert

Linux
The adventure of a lifetime.

Linux User #296285
Get Counted
http://counter.li.org/