iptables redirect question.

Post by yozh.. » Sat, 10 Dec 2005 09:04:47



Hi,

I have a question on the use of iptables. If I run the following
command:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3333

How will the packet be processed by iptables?

-->PREROUTING------->FORWARD------------>POSTROUTING
                |                    |
                |                    |
                |                    |
              INPUT                OUTPUT
                |                    |
                |                    |
                    local process

According to man page:
REDIRECT
This target is only valid in the nat table, in the PREROUTING and
OUTPUT chains, and user-defined chains which are only called from those
chains. It alters the destination IP address to send the packet to the
machine itself (locally-generated packets are mapped to the 127.0.0.1
address).

Does the packet still have the destination's address after it passes the
OUTPUT block?  If the packet received by port 3333 does not have the
destination IP address, how does the server behind port 3333 get the
dst IP to communicate with the real destination?

Does this packet need to first pass POSTROUTING, then come in
through the PREROUTING and INPUT blocks to reach port 3333?  Or does it
have some shortcut?

Thanks!

Yong

 
 
 


Post by Rober » Sun, 11 Dec 2005 07:22:00



> Hi,

> I have a question on the use of iptables. If I run the following
> command:

> iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3333

> Does the packet still have the destination's address after it passes the
> OUTPUT block?

Yes, the only thing you have changed is the destination port that the
packet was heading to.

--

Regards
Robert

Smile... it increases your face value!
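
As the man page quoted in the question says, REDIRECT rewrites the destination address; on Linux the pre-REDIRECT destination is kept in the connection-tracking entry, and the listener on port 3333 can read it from the accepted socket with getsockopt(SO_ORIGINAL_DST). The following is an added example, not part of either post; the function names, the constructed sample bytes and the 192.0.2.10 address are assumptions for illustration.

```python
import socket
import struct

SO_ORIGINAL_DST = 80            # <linux/netfilter_ipv4.h>; not exported by Python's socket module
SOL_IP = getattr(socket, "SOL_IP", 0)

# Constructed sample: the 16-byte struct sockaddr_in the kernel would return
# for a connection originally aimed at 192.0.2.10:80 (documentation address).
SAMPLE = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
          + socket.inet_aton("192.0.2.10") + b"\x00" * 8)


def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in bytes into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)    # sin_family: host byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 address (family %d)" % family)
    (port,) = struct.unpack_from("!H", raw, 2)      # sin_port: network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_destination(conn):
    """Ask conntrack for the pre-REDIRECT destination of an accepted TCP socket."""
    return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))


def serve(port=3333):
    """Accept redirected connections and report where each was really going."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen()
        while True:
            conn, peer = srv.accept()
            with conn:
                try:
                    dst = original_destination(conn)
                except OSError:
                    dst = None      # conntrack has no entry (e.g. module not loaded)
                print("client %s:%d wanted %s; local address is %s:%d"
                      % (peer + (dst,) + conn.getsockname()))


if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE))    # decode the constructed sample
    serve()
```

A proxy that then connects onward to the recovered address on port 80 matches the same OUTPUT rule again unless its own traffic is excluded, for example with the owner match (`-m owner ! --uid-owner <proxy-user>`, where `<proxy-user>` is a placeholder).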


 
 
 

1. IPTABLES redirect question

Hi all,

We've got two RedHat 7.2 servers (A and B) in our LAN. Server A has 2
network cards, one is 202.x.x.1(eth0) and the other is 192.168.x.1(eth1).
Server B has only one network card and the IP address is 192.168.x.2(eth0).
We can access server A and even our LAN from outside. Now I want to do such
kind of work, through which we can browse the APACHE website on server B.
That means when someone browses http://202.x.x.1:80, server A will forward
this request to server B, that is 192.168.x.2:80. This is the command I
typed on server A: $iptables -t nat -A PREROUTING -i eth0 -p tcp -s 0/0 -d
localhost --dport 80 -j DNAT --to 192.168.x.2:80.
But I'm sure that's a wrong method, since I still see the apache test page
on server A, instead of the formal website on server B.
Please give me some advice.
Any help will be appreciated.

relax
