Linode Forum
https://forum.linode.com/

iptables PREROUTING issue
https://forum.linode.com/viewtopic.php?f=19&t=6113
Page 1 of 1

Author:  blino [ Tue Oct 12, 2010 9:39 am ]
Post subject:  iptables PREROUTING issue

Hello fellow Linode users,

I just set up my tomcat to run on port 8080, but to forward all incoming requests on port 80 to 8080.
I configured iptables to ignore all connections except 80 & ssh and configured prerouting too. So far so good. Now when I tell iptables to ignore all incoming connections (at the end of the configuration), on port 80 and 8080 everything stops working.

#Clear all earlier configurations
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X

#enable loopback
iptables -A INPUT -i lo -j ACCEPT
#enable already established connections
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#enable ssh
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
#enable port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#PREROUTING from 80 to 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

Everything is OK so far and works as expected.
After adding the line below, everything stops working:
iptables -A INPUT -j DROP

Any help is appreciated.

cheers

Author:  jed [ Tue Oct 12, 2010 1:12 pm ]
Post subject: 

This isn't the issue, but wherever you copied this from (or read while making it) is out of date. I believe connstate is deprecated, if not removed.

You want:

Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT


If you're unfamiliar with iptables, I'd consider something like Shorewall as it writes rules that you wouldn't think of (and you've neglected here, like state INVALID).
