Iptables Quick Reference

From Zanecorpwiki


Redirect a Port

In this example, we redirect connections arriving at 10.0.0.1:80 to 10.0.0.2:8080. This is useful when a web server runs as a non-root process (which cannot bind a port below 1024) but should still appear to listen on the standard port:

iptables -I INPUT -d 10.0.0.1 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -d 10.0.0.1 -p tcp --dport 80 -j DNAT --to 10.0.0.2:8080
iptables -I FORWARD -d 10.0.0.2 -p tcp --dport 8080 -j ACCEPT

If the redirect stays on the same host (and interface), simply replace every occurrence of the backend address (10.0.0.2) with the incoming address (10.0.0.1).

The first command allows the incoming request, i.e. it punches a hole in the firewall for connections to port 80/http. The second command sets up destination network address translation (DNAT): it rewrites incoming requests so they are delivered to the indicated IP:port, and connection tracking rewrites the outgoing responses so they appear to come from the original IP:port (80/http rather than 8080/althttp). The final command opens a hole in the FORWARD chain so the rewritten packets are allowed through to port 8080/althttp. If you are not blocking ports, either or both of the first and last commands may be unnecessary.
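The following script is an added example, not part of the wiki page: it wraps the three rules above in a parameterised POSIX shell function, uses the long option name --to-destination (the page's --to is an accepted abbreviation), and adds a DRY_RUN mode so the generated rules can be reviewed without root. The helper names (run, redirect_port, remove_redirect, needs_forwarding, show_rules) are the example's own; the addresses and ports are the page's.

```shell
#!/bin/sh
# Added example (not the wiki's own script): parameterised port redirect.
# Set DRY_RUN=1 to print the iptables commands instead of executing them.

# Execute a command, or just echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Returns success (0) when the backend is another host, i.e. when the kernel
# must have net.ipv4.ip_forward=1 for the DNAT'd packets to be forwarded.
needs_forwarding() {
    front_ip=$1
    back_ip=$2
    [ "$front_ip" != "$back_ip" ]
}

# redirect_port FRONT_IP FRONT_PORT BACK_IP BACK_PORT
# Installs the three rules from the page:
#   1. accept the inbound request on FRONT_IP:FRONT_PORT (INPUT)
#   2. rewrite the destination before routing (nat/PREROUTING DNAT);
#      conntrack un-does the rewrite on replies automatically
#   3. accept the rewritten packet on its way to BACK_IP:BACK_PORT (FORWARD)
redirect_port() {
    front_ip=$1; front_port=$2; back_ip=$3; back_port=$4
    run iptables -I INPUT -d "$front_ip" -p tcp --dport "$front_port" -j ACCEPT
    run iptables -t nat -A PREROUTING -d "$front_ip" -p tcp --dport "$front_port" \
        -j DNAT --to-destination "$back_ip:$back_port"
    run iptables -I FORWARD -d "$back_ip" -p tcp --dport "$back_port" -j ACCEPT
}

# remove_redirect FRONT_IP FRONT_PORT BACK_IP BACK_PORT
# Deletes exactly the rules redirect_port added (same match, -D instead of -I/-A).
remove_redirect() {
    front_ip=$1; front_port=$2; back_ip=$3; back_port=$4
    run iptables -D INPUT -d "$front_ip" -p tcp --dport "$front_port" -j ACCEPT
    run iptables -t nat -D PREROUTING -d "$front_ip" -p tcp --dport "$front_port" \
        -j DNAT --to-destination "$back_ip:$back_port"
    run iptables -D FORWARD -d "$back_ip" -p tcp --dport "$back_port" -j ACCEPT
}

# Print the live rules in the chains touched above, for verification.
show_rules() {
    run iptables -S INPUT
    run iptables -S FORWARD
    run iptables -t nat -S PREROUTING
}

# Usage (as root):   . ./redirect.sh; redirect_port 10.0.0.1 80 10.0.0.2 8080
# Preview, no root:  DRY_RUN=1 sh -c '. ./redirect.sh; redirect_port 10.0.0.1 80 10.0.0.2 8080'
```

Because DNAT to a different host only works when the kernel forwards packets, check `sysctl net.ipv4.ip_forward` (it must be 1) whenever needs_forwarding reports that the backend is a separate machine; for the same-host variant from the page it is not required.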
