
December 11, 2012

iptables: redirecting ports

The preferred way to redirect inbound traffic from port 80 to port 8080 is with NAT/firewall rules, specifically iptables. The following script sets up the redirect:

IPTABLES=`which iptables`
# Flush the filter table, then the nat table, so that re-running this
# script does not stack duplicate REDIRECT rules
$IPTABLES --flush
$IPTABLES -t nat --flush
# Default policies. INPUT stays ACCEPT, so the ACCEPT rules below
# document intent but do not restrict inbound traffic on their own
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

# Accept packets that belong to connections already established
$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept everything from the local interface
$IPTABLES -A INPUT -i lo -j ACCEPT

# Accept traffic on port 80
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
# Accept traffic on port 8080 (redirected packets reach INPUT with this port)
$IPTABLES -A INPUT -p tcp --dport 8080 -j ACCEPT
# Accept ssh traffic
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

# Local redirect
$IPTABLES -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-ports 8080
# Actual 80 to 8080 redirect
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

# Save the configuration
IPTABLES_SAVE=`which iptables-save`
if [ -d "/etc/sysconfig" ]
then
    $IPTABLES_SAVE > /etc/sysconfig/iptables
fi
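
The PREROUTING redirect rewrites the destination port before the filter table's INPUT chain runs, so INPUT matches on 8080, not 80. The script below is an added example, not part of the original post: it audits `iptables-save` output for that condition, and the function names and the sample ruleset (INPUT policy tightened to DROP) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables-save` text on stdin and checks each nat
# PREROUTING REDIRECT: the filter INPUT chain sees the packet AFTER the port
# rewrite, so it must admit the --to-ports value, not the original --dport.
# Simplification: rule order, interface and source matches are ignored.
audit_redirects() {
    awk '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":INPUT" { policy = $2; next }
    $1 != "-A" { next }
    {
        dport = to = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "--dport")    dport  = $(i + 1)
            if ($i == "--to-ports") to     = $(i + 1)
            if ($i == "-j")         target = $(i + 1)
        }
    }
    table == "nat" && $2 == "PREROUTING" && target == "REDIRECT" { redir[dport] = to }
    table == "filter" && $2 == "INPUT" && target == "ACCEPT" && dport != "" { accepted[dport] = 1 }
    END {
        for (from in redir) {
            ok = (policy == "ACCEPT" || (redir[from] in accepted))
            printf "%s->%s %s\n", from, redir[from], (ok ? "reachable" : "blocked")
            if (!ok) bad = 1
        }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: INPUT policy tightened to DROP with port 80 allowed but
# port 8080 forgotten. $1 lets the caller choose the accepted web port.
sample_dump() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport ${1:-80} -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_dump      | audit_redirects || echo "fix: accept tcp/8080 in INPUT"
sample_dump 8080 | audit_redirects
```

On a live host, feed it the real ruleset with `iptables-save | audit_redirects`; a non-zero exit status means at least one redirect lands on a port INPUT does not accept.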

Posted by cdgrieb at 12:08 PM