Re: On vanilla Fedora 3, can't do a transparent proxy (-j REDIRECT)

Thanks again for the feedback.

You're right; here's some more detail. To make this even easier, I
have turned off what was on port 8080, and have started Apache on port
80, and now I'll attempt to redirect from port 8080 to port 80
(reverse of what I was trying earlier). First I'll flush the tables,
then I'll add my rule, then I'll do a request (I'll use wget, but it's
the same with a browser, etc.) on port 80, and then on port 8080; and
then I'll show the traffic through the chains.

0 packets through the rule on the "nat" table. I just don't get it.

Here's a transcript:

[root@preview ~]# /sbin/iptables -t filter -F
[root@preview ~]# /sbin/iptables -t mangle -F
[root@preview ~]# /sbin/iptables -t nat -F
[root@preview ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@preview ~]# /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80
[root@preview ~]# wget http://localhost >/dev/null
--16:56:06--  http://localhost/
           => `index.html'
Resolving localhost... 127.0.0.1
Connecting to localhost[127.0.0.1]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 35 [text/html]

100%[====================================>] 35            --.--K/s

16:56:06 (341.80 KB/s) - `index.html' saved [35/35]

[root@preview ~]# wget http://localhost:8080 >/dev/null
--16:56:10--  http://localhost:8080/
           => `index.html.1'
Resolving localhost... 127.0.0.1
Connecting to localhost[127.0.0.1]:8080... failed: Connection refused.
[root@preview ~]# /sbin/iptables -L -n -v
Chain INPUT (policy ACCEPT 48367 packets, 43M bytes)
 pkts bytes target     prot opt in     out     source               destination


Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Chain OUTPUT (policy ACCEPT 28546 packets, 2657K bytes)
 pkts bytes target     prot opt in     out     source               destination

[root@preview ~]# /sbin/iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 35 packets, 3732 bytes)
 pkts bytes target     prot opt in     out     source               destination

    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
        tcp dpt:8080 redir ports 80

Chain POSTROUTING (policy ACCEPT 367 packets, 16375 bytes)
 pkts bytes target     prot opt in     out     source               destination


Chain OUTPUT (policy ACCEPT 367 packets, 16375 bytes)
 pkts bytes target     prot opt in     out     source               destination

[root@preview ~]#



On 5/2/05, Taylor, Grant <gtaylor@xxxxxxxxxxxxxxxxx> wrote:
> > /proc/sys/net/ipv4/ip_forward shows: 1
> 
> ...
> 
> > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> >  pkts bytes target     prot opt in     out     source               destination
> 
> I'm not trying to doubt you but either you took the info from iptables before any traffic has passed through the forward chain or there is a problem that is preventing traffic from traversing the forward chain.  You did say that you set ip_forward to 1 which should allow traffic to be forwarded.  Do an iptables -L -n -v to see if any traffic passing through your forward chain.
> 
> 
> Grant. . . .
> 
>
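The zero counter in the transcript above has a mechanical explanation that a checker can surface from the `iptables -t nat -L -n -v` output alone: a `wget` run on the firewall itself produces locally generated packets, whose DNAT decision is taken in the nat OUTPUT chain (nat PREROUTING rules are not consulted for that connection even when the packet loops back in), and a connection to `localhost` arrives on `lo`, so a rule restricted with `-i eth0` can never match it. The script below is an added example for readers of this thread, not code from either poster: it parses the nat table listing, flags zero-hit REDIRECT rules, lists why a given probe could not reach them, and prints the equivalent rule for testing from the box itself. The sample listing is constructed from the thread's transcript with the wrapped rule line rejoined as iptables prints it; `TestTraffic`, `why_no_match`, `diagnose` and `local_test_rule` are names chosen here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the nat table from the thread's transcript, with the
# wrapped REDIRECT rule line rejoined on one line as iptables prints it.
SAMPLE_NAT_OUTPUT = """\
Chain PREROUTING (policy ACCEPT 35 packets, 3732 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 80

Chain POSTROUTING (policy ACCEPT 367 packets, 16375 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 367 packets, 16375 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")          # built-in and user chains alike
SUFFIX = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}  # -v counter suffixes

def parse_counter(text: str) -> int:
    """'43M' -> 43000000; plain digits pass through."""
    if text[-1] in SUFFIX:
        return int(text[:-1]) * SUFFIX[text[-1]]
    return int(text)

@dataclass
class Rule:
    chain: str
    pkts: int
    target: str
    proto: str
    in_if: str
    out_if: str
    matches: str   # trailing match text, e.g. "tcp dpt:8080 redir ports 80"

    @property
    def dport(self) -> Optional[int]:
        m = re.search(r"\bdpt:(\d+)", self.matches)
        return int(m.group(1)) if m else None

def parse_nat_table(text: str) -> List[Rule]:
    """Return every rule from `iptables -t nat -L -n -v` output, tagged with its chain.
    Assumes each rule has a target column (rules added without -j print it empty)."""
    rules, chain = [], None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        fields = line.split(None, 9)   # 9 fixed columns, then the match text
        if chain is None or len(fields) < 9 or fields[0] == "pkts":
            continue                    # blank line or column header
        pkts, _bytes, target, proto, _opt, in_if, out_if, _src, _dst = fields[:9]
        matches = fields[9] if len(fields) == 10 else ""
        rules.append(Rule(chain, parse_counter(pkts), target, proto, in_if, out_if, matches))
    return rules

@dataclass
class TestTraffic:
    """One probe as netfilter sees it (hypothetical model for this example)."""
    locally_generated: bool  # sent by a process on the firewall itself, e.g. wget on the box
    in_if: str               # interface the packet arrives on; 'lo' for connections to localhost
    proto: str
    dport: int

def why_no_match(rule: Rule, t: TestTraffic) -> List[str]:
    """Every reason this probe cannot hit this rule; an empty list means it should match."""
    reasons = []
    if rule.chain == "PREROUTING" and t.locally_generated:
        reasons.append("locally generated connections are DNAT-decided in the nat OUTPUT chain; "
                       "nat PREROUTING is not consulted for them")
    if rule.in_if != "*" and rule.in_if != t.in_if:
        reasons.append(f"rule requires -i {rule.in_if} but the packet arrives on {t.in_if}")
    if rule.proto not in ("all", "0", t.proto):
        reasons.append(f"rule matches protocol {rule.proto}, probe uses {t.proto}")
    if rule.dport is not None and rule.dport != t.dport:
        reasons.append(f"rule matches dport {rule.dport}, probe targets port {t.dport}")
    return reasons

def diagnose(nat_output: str, t: TestTraffic, target: str = "REDIRECT") -> dict:
    """Map each zero-hit rule with the given target to the reasons the probe missed it."""
    return {
        f"{r.chain}:{r.in_if}:dpt{r.dport}": why_no_match(r, t)
        for r in parse_nat_table(nat_output)
        if r.target == target and r.pkts == 0
    }

def local_test_rule(rule: Rule) -> str:
    """The same redirect placed where locally generated test traffic is actually seen.
    Assumes the redirect port appears as 'redir ports N' in the match text."""
    m = re.search(r"redir ports (\d+)", rule.matches)
    to_port = m.group(1) if m else "?"
    return (f"iptables -t nat -A OUTPUT -o lo -p {rule.proto} --dport {rule.dport} "
            f"-j REDIRECT --to-port {to_port}")

if __name__ == "__main__":
    probe = TestTraffic(locally_generated=True, in_if="lo", proto="tcp", dport=8080)
    for key, reasons in diagnose(SAMPLE_NAT_OUTPUT, probe).items():
        print(key)
        for reason in reasons:
            print("  -", reason)
    for rule in parse_nat_table(SAMPLE_NAT_OUTPUT):
        if rule.target == "REDIRECT":
            print("equivalent rule for a test from the box itself:", local_test_rule(rule))
```

Run against the sample, the PREROUTING rule is reported with two reasons for the localhost probe and none for a probe arriving on eth0 from another host, which is the distinction a transparent-proxy test needs: test the PREROUTING rule from a client behind the box, or add the OUTPUT-chain equivalent when testing locally.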


