iptables redirect with a caveat

Daniel Stasinski daniel at genericinbox.com
Sun Sep 17 20:58:46 MST 2017


Right after I posted, I figured out a solution.

I just added a redirect from 7778 to 80.  Since 80 is not active, it drops it.

-A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80

*Daniel P. Stasinski*
daniel at GenericInbox.com
I 💛✞

On Sun, Sep 17, 2017 at 8:24 PM, Daniel Stasinski <daniel at genericinbox.com>
wrote:

>
> On my server, I am redirecting incoming port 80 to port 7778 via iptables,
> but I'm unsure how to block connects directly to port 7778 from the
> outside.   I've hit a brick wall in my understanding of pre and post
> routing.
>
> I could use a little wisdom here.  Thanks. :)
>
> #/etc/sysconfig/iptables
> *nat
> :PREROUTING ACCEPT [15:1051]
> :POSTROUTING ACCEPT [63:4394]
> :OUTPUT ACCEPT [63:4394]
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
> COMMIT
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1661:376223]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
> COMMIT
>
> *Daniel P. Stasinski*
> daniel at GenericInbox.com
> I 💛✞
>
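The following is an added example, not part of the original post: a simplified Python model of the two netfilter stages involved (nat PREROUTING REDIRECT, then filter INPUT), showing why the posted ruleset accepts direct connections to 7778 and how the fix in the reply changes that. The `--ctorigdstport` variant is an alternative not proposed in the thread, and the rule lines are constructed from the posted ruleset and reduced to the relevant options.

```python
import shlex

# Constructed rule lines in iptables command form, reduced to the parts that matter.
ORIGINAL = """
-t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
-A INPUT -p tcp -m tcp --dport 7778 -j ACCEPT
-A INPUT -j REJECT
"""
# Fix from the thread: direct hits on 7778 are redirected to unused port 80.
THREAD_FIX = """
-t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
-t nat -A PREROUTING -p tcp -m tcp --dport 7778 -j REDIRECT --to-ports 80
-A INPUT -p tcp -m tcp --dport 7778 -j ACCEPT
-A INPUT -j REJECT
"""
# Alternative (assumption, not from the thread): accept 7778 only when the
# connection's pre-NAT destination port was 80.
CT_ORIGDST = """
-t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 7778
-A INPUT -p tcp -m tcp --dport 7778 -m conntrack --ctorigdstport 80 -j ACCEPT
-A INPUT -j REJECT
"""

def parse(ruleset):
    """Turn each rule line into a dict of option -> argument."""
    rules = []
    for line in ruleset.strip().splitlines():
        tok = shlex.split(line)
        rules.append({tok[i]: tok[i + 1] for i in range(0, len(tok) - 1, 2)})
    return rules

def verdict(ruleset, dport):
    """Return (filter verdict, port after NAT) for a new inbound TCP connection."""
    rules = parse(ruleset)
    orig, cur = dport, dport
    # nat PREROUTING: the first matching rule rewrites the port, once per connection.
    for r in rules:
        if r["-A"] == "PREROUTING" and int(r["--dport"]) == cur:
            cur = int(r["--to-ports"])
            break
    # filter INPUT matches --dport on the rewritten port; conntrack keeps the original.
    for r in (r for r in rules if r["-A"] == "INPUT"):
        if int(r.get("--dport", cur)) == cur and int(r.get("--ctorigdstport", orig)) == orig:
            return r["-j"], cur
    return "ACCEPT", cur  # INPUT chain policy in the posted ruleset

if __name__ == "__main__":
    for name in ("ORIGINAL", "THREAD_FIX", "CT_ORIGDST"):
        for port in (80, 7778):
            print(name, port, verdict(globals()[name], port))
```

In the model, as in the posted filter table, a connection that ends up on port 80 is refused by the final INPUT REJECT rule because only 7778 is accepted.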