Re: Removing a REDIRECT rule not working

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oops, sorry my bad: there was unfortunately a misconfiguration in my router... :-(


U.Mutlu wrote, On 12/19/2014 12:57 PM:
I think I found a bug in iptables:

If applying such a rule:

  iptables -t nat -A PREROUTING -p tcp --dport 1234 -j REDIRECT --to-port 5678

then testing it at least once by putting a server-app at port 5678,
and then throwing this rule away by clearing (flushing) alle the tables
doesn't get this rule disappear anymore; it somehow is still active,
because the REDIRection still works even after clearing the tables.

(Haven't checked yet if after a reboot of the system the problem disappears,
but even then this of course wouldn't be a satifactory solution to the problem.)

My system: debian 8 (jessie), iptables from the beforementioned repo, version
v1.4.21


Another related issue:

The following documentation says that the above rule would be a "transparent
proxy":
  http://www.tldp.org/HOWTO/TransparentProxy-5.html
But this can't be true, because it's NAT (s.a.); whereas from a
transparent proxy one would expect that the originating IP gets
passed thru to the redirected port, which is not the case here;
only the NATted IP gets passed...

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux