RE: Instructions on how to redirect port 80 to port 8080

"Martinez, Michael" <MMARTINEZ@xxxxxxxxxxxxxxx> · Wed, 18 Feb 2004 09:31:11 -0500



--> On Wednesday 18 February 2004 2:06 pm, Martinez, Michael wrote:
--> 
--> > --> iptables -A PREROUTING -t nat -d a.b.c.d -p tcp --dport 80
--> > --> -j REDIRECT --to 8080
--> >
--> > This isn't working. I can "telnet `hostname` 8080" and get an http
--> > response, but when I do "telnet `hostname` 80" the 
--> response I get is
--> > "telnet: Unable to connect to remote host: Connection refused."
--> 
--> Given the ruleset you've posted, I don't see how a telnet 
--> to 8080 can work, 
--> since you have no INPUT rule allowing packets to that port...
--> 
--> Please flush the counters on your rules using "iptables -Z; 
--> iptables -Z -t 
--> nat", 

Done

--> connect to port 8080, and then tell us the output of 
--> "iptables -L -nvx;

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source
destination
     131    10661 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source
destination
       0        0 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 102 packets, 8080 bytes)
    pkts      bytes target     prot opt in     out     source
destination

Chain RH-Firewall-1-INPUT (2 references)
    pkts      bytes target     prot opt in     out     source
destination
      36     1828 ACCEPT     all  --  lo     *       0.0.0.0/0
0.0.0.0/0
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0
0.0.0.0/0          icmp type 255
       0        0 ACCEPT     esp  --  *      *       0.0.0.0/0
0.0.0.0/0
       0        0 ACCEPT     ah   --  *      *       0.0.0.0/0
0.0.0.0/0
      82     5404 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          state RELATED,ESTABLISHED
       1       48 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:22
       0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0
0.0.0.0/0          state NEW tcp dpt:80
      12     3381 REJECT     all  --  *      *       0.0.0.0/0
0.0.0.0/0          reject-with icmp-host-prohibited
 
--> iptables -L -t nat -nvx".

Chain PREROUTING (policy ACCEPT 19 packets, 4845 bytes)
    pkts      bytes target     prot opt in     out     source
destination
       0        0 REDIRECT   tcp  --  *      *       0.0.0.0/0
199.128.238.12     tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT 34 packets, 2054 bytes)
    pkts      bytes target     prot opt in     out     source
destination

Chain OUTPUT (policy ACCEPT 34 packets, 2054 bytes)
    pkts      bytes target     prot opt in     out     source
destination

Mike Martinez
Attachment:
smime.p7s

Description: S/MIME cryptographic signature