Re: NAT from eth0:0 port 80 to lo port 8080?

Thanks, Florin and Robert, for your suggestions.

I'm still stumped, though.

This rule looks to be the REDIRECT rule that Robert suggests. Unfortunately, as I have it written here, it fails instantly -- telnetting to port 80 causes an instant error.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 127.0.0.1:8080

This gets packets in, but no reply:
iptables -t nat -A PREROUTING -p tcp -d 64.61.61.112 --dport 80 -j DNAT --to-destination 127.0.0.1:8080

Florin, I did try running tcpdump before -- good to hear this was a sound way to debug this; the above "no reply" rule shows the following packet:
19:47:07.707346 IP [my laptop's ip address].39679 > 64.61.61.112.http: S 4212369272:4212369272(0) win 5840 <mss 1460,sackOK,timestamp 1264677320 0,nop,wscale 2>

So, I'm still stumped.

The exact iptables rules are below.

Any other thoughts? There's not something besides /proc/sys/net/ipv4/ip_forward that needs to be twiddled, is there?

best,
Jeff

% iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  197 20881 RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RH-Firewall-1-INPUT  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 139 packets, 36106 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
    8  1688 ACCEPT     all  --  lo     any     anywhere             anywhere
    1    84 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp any
    0     0 ACCEPT     ipv6-crypt-- any    any     anywhere             anywhere
    0     0 ACCEPT     ipv6-auth-- any    any     anywhere             anywhere
    0     0 ACCEPT     udp  --  any    any     anywhere             224.0.0.251         udp dpt:5353
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere            udp dpt:ipp
  181 18689 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    2   120 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:http
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:webcache
    5   300 ACCEPT     tcp  --  eth1   any     anywhere             anywhere            tcp dpt:5666
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited



--
Jeff Potter
http://www.atof.net/go/boston



