iptables PREROUTING issue

Question

iptables PREROUTING issue

networking

hello fellow linode users,

I just setup my tomcat to run on port 8080, but to forward all incoming requests on port 80 to 8080.

I configured iptables to ignore all connections except 80 & ssh and and configured prerouting too. so far so good. Now when I add tell iptables to ignore all incoming connections (at the end of the configuration). port 80 and 8080 everything stops working.

Clear all earlier configurations

iptables -F

iptables -t nat -F

iptables -t mangle -F

iptables -X

iptables -t nat -X

iptables -t mangle -X

enable loopback

iptables -A INPUT -i lo -j ACCEPT

enable already established connections

iptables -A INPUT -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT

enable ssh

iptables -A INPUT -p tcp --dport ssh -j ACCEPT

enable port 80

iptables -A INPUT -p tcp --dport 80 -j ACCEPT

PREROUTING from 80 to 8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Everything is ok so far and works as expected

After adding below line everything stops working

iptables -A INPUT -j DROP

Any help is appreciated.

cheers

1 Reply

forum:jed · Answer 1 · Oct. 12, 2010, 1:12 p.m.

forum:jed 14 years, 1 month ago

This isn't the issue, but wherever you copied this from (or read while making it) is out of date. I believe connstate is deprecated, if not removed.

You want:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

If you're unfamiliar with iptables, I'd consider something like Shorewall as it writes rules that you wouldn't think of (and you've neglected here, like state INVALID).

Compute

Storage

Networking

Databases

Services

Developer Tools

Industries

Pricing

Community

Engage With Us

iptables PREROUTING issue

Clear all earlier configurations

enable loopback

enable already established connections

enable ssh

enable port 80

PREROUTING from 80 to 8080

1 Reply

Reply

Tips: