| Linode Forum https://forum.linode.com/ |
|
| iptables PREROUTING issue https://forum.linode.com/viewtopic.php?f=19&t=6113 |
| Author: | blino [ Tue Oct 12, 2010 9:39 am ] |
| Post subject: | iptables PREROUTING issue |
Hello fellow Linode users,

I just set up my Tomcat to run on port 8080, but to forward all incoming requests on port 80 to 8080. I configured iptables to ignore all connections except 80 & ssh and configured PREROUTING too. So far so good. Now when I tell iptables to ignore all incoming connections (at the end of the configuration), port 80 and 8080, everything stops working.

Code:
#Clear all earlier configurations
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
#enable loopback
iptables -A INPUT -i lo -j ACCEPT
#enable already established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#enable ssh
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
#enable port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#PREROUTING from 80 to 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Everything is OK so far and works as expected. After adding the line below, everything stops working:

Code:
iptables -A INPUT -j DROP

Any help is appreciated.

cheers |
|
| Author: | jed [ Tue Oct 12, 2010 1:12 pm ] |
| Post subject: | |
This isn't the issue, but wherever you copied this from (or read while making it) is out of date. I believe connstate is deprecated, if not removed. You want:

Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

If you're unfamiliar with iptables, I'd consider something like Shorewall as it writes rules that you wouldn't think of (and you've neglected here, like state INVALID). |
|
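Why the final DROP breaks the setup, as an added example that is not part of the thread: the nat PREROUTING chain rewrites the destination port to 8080 before the filter INPUT chain runs, so INPUT sees port 8080 rather than 80 and must accept it. The Python check below parses the rules as posted and reports REDIRECT target ports that INPUT drops; the `FIXED` rule with `--ctorigdstport 80` is an assumed correction, and `parse` and `unreachable_redirects` are hypothetical helper names.

```python
import shlex

# Rules as posted in the thread (flush commands omitted), embedded as sample input.
POSTED = """
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -j DROP
"""

# Assumed correction (not from the thread): accept the post-REDIRECT port, but only
# for connections whose original destination port was 80, so 8080 is not open directly.
FIXED = POSTED.replace(
    "iptables -A INPUT -j DROP",
    "iptables -A INPUT -p tcp --dport 8080 -m conntrack --ctorigdstport 80 -j ACCEPT\n"
    "iptables -A INPUT -j DROP")

def parse(script):
    """Turn 'iptables -A ...' lines into dicts describing each appended rule."""
    rules = []
    for line in script.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok or tok[0] != "iptables" or "-A" not in tok:
            continue
        def opt(flag, default=None):
            return tok[tok.index(flag) + 1] if flag in tok else default
        rules.append({
            "table": opt("-t", "filter"), "chain": opt("-A"), "target": opt("-j"),
            "proto": opt("-p"), "dport": opt("--dport"),
            "to_port": opt("--to-port") or opt("--to-ports"),
            # A rule with no match options applies to every packet.
            "catch_all": not any(f in tok for f in ("-p", "-i", "-s", "-d", "-m"))})
    return rules

def unreachable_redirects(script):
    """Return REDIRECT target ports that filter/INPUT drops before accepting."""
    rules = parse(script)
    input_chain = [r for r in rules if (r["table"], r["chain"]) == ("filter", "INPUT")]
    redirects = [r for r in rules
                 if (r["table"], r["chain"], r["target"]) == ("nat", "PREROUTING", "REDIRECT")]
    blocked = []
    for r in redirects:
        for f in input_chain:  # first matching rule decides the packet's fate
            if f["target"] == "ACCEPT" and f["proto"] == r["proto"] and f["dport"] == r["to_port"]:
                break
            if f["target"] == "DROP" and f["catch_all"]:
                blocked.append(int(r["to_port"]))
                break
    return blocked
```

The check only models new inbound connections and plain `--dport` matches; it does not evaluate chain policies, multiport, or interface and address matches.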
| All times are UTC-04:00 |
|