Linode Community Forums
blino
Joined: 11 Oct 2010
Posts: 5
Posted: Tue Oct 12, 2010 8:39 am Post subject: iptables PREROUTING issue
Hello fellow Linode users,
I just set up my Tomcat to run on port 8080, but to forward all incoming requests on port 80 to 8080.
I configured iptables to ignore all connections except 80 & ssh and configured prerouting too. So far so good. Now when I tell iptables to ignore all incoming connections (at the end of the configuration), port 80 and 8080, everything stops working.
#Clear all earlier configurations
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
#enable loopback
iptables -A INPUT -i lo -j ACCEPT
#enable already established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#enable ssh
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
#enable port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#PREROUTING from 80 to 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Everything is OK so far and works as expected.
After adding the line below, everything stops working:
iptables -A INPUT -j DROP
Any help is appreciated.
cheers
jed
Joined: 28 Mar 2009
Posts: 394
Location: New Jersey
Posted: Tue Oct 12, 2010 12:12 pm Post subject:
This isn't the issue, but wherever you copied this from (or read while making it) is out of date. I believe connstate is deprecated, if not removed.
You want:
Code: iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
If you're unfamiliar with iptables, I'd consider something like Shorewall as it writes rules that you wouldn't think of (and you've neglected here, like state INVALID).
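Why the rule set in the first post stops working once the final DROP is appended, as an added example that is not part of the original thread: a small Python model of the order netfilter applies to an inbound packet, with nat PREROUTING evaluated before filter INPUT. The model handles only the options used here; the `FIXED` variant with `--ctorigdstport`, the `eth0` interface name and the default ACCEPT policy are assumptions, not from the thread.

```python
import shlex

PORTS = {"ssh": 22}  # service name used in the thread's rules

# Rules from the first post (flush lines omitted), ending with the final DROP.
ORIGINAL = """
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -j DROP
"""
# One possible correction (assumption, not from the thread): accept 8080 only
# when the connection was originally addressed to port 80.
FIXED = ORIGINAL.replace(
    "--dport 80 -j ACCEPT",
    "--dport 8080 -m conntrack --ctorigdstport 80 -j ACCEPT")

def parse(line):
    tok = shlex.split(line)[1:]            # drop the leading "iptables"
    return dict(zip(tok[0::2], tok[1::2]))  # every option used here takes one value

def port(value):
    return PORTS.get(value) or int(value)

def matches(opt, pkt):
    checks = [("-i", pkt["iface"], str), ("-p", pkt["proto"], str),
              ("--dport", pkt["dport"], port),
              ("--ctorigdstport", pkt["orig_dport"], port)]
    if any(k in opt and conv(opt[k]) != v for k, v, conv in checks):
        return False
    return "--ctstate" not in opt or pkt["ctstate"] in opt["--ctstate"].split(",")

def verdict(ruleset, dport):
    """Fate of the first (NEW) TCP packet of a connection arriving on eth0."""
    pkt = {"iface": "eth0", "proto": "tcp", "dport": dport,
           "orig_dport": dport, "ctstate": "NEW"}
    rules = [parse(l) for l in ruleset.strip().splitlines() if l.startswith("iptables -")]
    for r in rules:   # 1. nat PREROUTING rewrites the destination port first
        if r.get("-t") == "nat" and r.get("-A") == "PREROUTING" and matches(r, pkt):
            pkt["dport"] = int(r["--to-port"])
            break
    for r in rules:   # 2. filter INPUT then sees the rewritten port
        if "-t" not in r and r.get("-A") == "INPUT" and matches(r, pkt):
            return r["-j"], pkt["dport"]
    return "ACCEPT", pkt["dport"]  # default policy assumed to be ACCEPT
```

With the original rules, a new connection to port 80 reaches INPUT as port 8080, matches no ACCEPT rule and hits the final DROP; before the DROP was added it passed only because of the default policy.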