I have a web service running on Debian 7 and listening on port 8080. I want to redirect 80 to 8080 for inbound connections and allow only port 80. Here is my iptables configuration:
root@localhost:~# iptables -v -L --line-numbers
Chain INPUT (policy DROP 76 packets, 6266 bytes)
num pkts bytes target prot opt in out source destination
1 90 8898 ACCEPT all -- lo any anywhere anywhere
2 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
3 4515 3113K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4858 packets, 587K bytes)
num pkts bytes target prot opt in out source destination
and nat table:
root@localhost:~# iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 14 packets, 2288 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
0 0 REDIRECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 redir ports 8080
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 841 packets, 53415 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 841 packets, 53415 bytes)
pkts bytes target prot opt in out source destination
I can't establish a connection from outside on port 80. What are likely deficiencies?
Best Answer
When a user hits port 80, iptables first checks the NAT PREROUTING table and then checks the FILTER table, so as per your scenario you need to allow port 8080 in the filter INPUT chain. See the example below:
In Filter Table :
In Nat Table :
The above rules were tested with the filter INPUT policy set to DROP, and they work.
The sequence of tables is below:
For more details check this page.
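The traversal order described in the answer, as an added example that is not part of the original answer: a shell function (the name gen_redirect_rules is hypothetical) that prints an iptables-restore ruleset for the question's ports. It goes one step beyond the answer by adding the conntrack match --ctorigdstport to the port 8080 ACCEPT, so that only connections that originally arrived on port 80 are allowed and direct connections to 8080 still fall through to the DROP policy, which is what the question asks for.

```shell
#!/bin/sh
# Added example (constructed for this page, not the answerer's rules).
# Usage: gen_redirect_rules PUBLIC_PORT SERVICE_PORT
# Prints an iptables-restore ruleset on stdout; check it with
# "iptables-restore --test" before loading it.
gen_redirect_rules() {
    pub=$1
    svc=$2
    for p in "$pub" "$svc"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "port out of range: $p" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# nat PREROUTING is traversed before filter INPUT, so the destination
# port is already rewritten to $svc when the filter rules are evaluated.
-A PREROUTING -p tcp -m tcp --dport $pub -j REDIRECT --to-ports $svc
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# A dpt:$pub ACCEPT here would never match redirected traffic.
# Accept the rewritten port, but only when conntrack recorded $pub as
# the original destination; direct hits on $svc reach policy DROP.
-A INPUT -p tcp -m tcp --dport $svc -m conntrack --ctstate NEW --ctorigdstport $pub -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: sh script.sh 80 8080
if [ "$#" -eq 2 ]; then
    gen_redirect_rules "$1" "$2"
fi
```

The packet counters on the question's dpt:http rule stay at 0 for the same reason: by the time filter INPUT is evaluated, the packet's destination port is already 8080.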