Port forwarding not working

Issues related to configuring your network
fjohnson
Posts: 5
Joined: 2011/09/08 14:24:20

Post by fjohnson » 2011/09/12 18:48:14

I am attempting to forward port 443 to port 8443 but I am having no luck.
I have used the firewall configuration tool [i]system-config-firewall-tui[/i].
I have followed the instructions here: http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-firewall-ipt-fwd.html.

This is my iptables configuration found at /etc/sysconfig/iptables:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8443
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 127.0.0.1 --dport 8443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

I am testing the forwarding setup by running as a normal user.
[b]nc -l localhost 8443[/b]

I then attempt to connect by running:
[b]nc localhost 443[/b]

This does not work and I cannot connect. Any ideas?

TrevorH
Site Admin
Posts: 33215
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Post by TrevorH » 2011/09/12 21:22:15

You can't set a rule on eth0 then telnet to localhost! If you want to test it like that then you need to set the rule on -i lo or use a different machine to telnet to the IP address of eth0.

Edit: hmm, I'm also a little dubious about some of the rules in the filter table. You seem to have 4 rules in the FORWARD chain that really ought to be on the INPUT chain:

[quote]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 127.0.0.1 --dport 8443 -j ACCEPT
[/quote]

fjohnson
Posts: 5
Joined: 2011/09/08 14:24:20

Re: Port forwarding not working

Post by fjohnson » 2011/09/13 14:46:36

Thanks TrevorH!

Instead of forwarding to 127.0.0.1 I now instead forward to eth0's address 172.24.0.248.
I set up netcat to listen on that address and then I connect to eth0 from a remote machine.

Aside from opening up port 443 (this is the incoming port that will be forwarded to port 8443)
I also needed to open up port 8443 although I'm not entirely sure why.

The forwarding now works! Thanks for the help, networking is a topic I do not have much
knowledge on and I will have to read more.

On an aside, due to my professed ignorance I'm not sure what those extra rules are there for,
I just used the [i]system-config-firewall-tui[/i] config tool.
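
Added example, not part of any post in this thread: a simplified Python model of the path a new TCP connection takes through netfilter. It shows why the filter table has to accept port 8443 (DNAT rewrites the destination port in nat PREROUTING before filter INPUT is evaluated) and why a connection made with nc localhost 443 never consults the eth0 PREROUTING rule. The rule text is constructed from the two posts, and the names RULES, REMOTE, LOCAL, parse, matches and trace are hypothetical; the model assumes the DNAT target is an address of the host itself.

```python
import shlex
# Constructed input: nat rule as changed in the follow-up post (DNAT to eth0's
# address) plus INPUT rules from the first post; {port} is the one port opened.
RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 172.24.0.248:8443
COMMIT
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport {port} -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
REMOTE = {"in": "eth0", "dst": "172.24.0.248", "dport": 443}  # nc from another host
LOCAL = {"in": "lo", "dst": "127.0.0.1", "dport": 443}        # nc localhost 443

def parse(text):
    """iptables-save text -> {(table, chain): [options dict per rule]}."""
    rules, table = {}, None
    for line in text.splitlines():
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = dict(zip(tok[2::2], tok[3::2]))  # every option here takes one value
            rules.setdefault((table, tok[1]), []).append(opts)
    return rules

def matches(rule, pkt):
    """Match a new TCP SYN against the -i, -p, -d, --dport and --state options."""
    return (rule.get("-i", pkt["in"]) == pkt["in"]
            and rule.get("-p", "tcp") == "tcp"
            and rule.get("-d", pkt["dst"]) == pkt["dst"]
            and rule.get("--dport", str(pkt["dport"])) == str(pkt["dport"])
            and "NEW" in rule.get("--state", "NEW").split(","))

def trace(text, pkt, local):
    """Return (nat chain consulted, dport seen by filter INPUT, verdict)."""
    rules, pkt = parse(text), dict(pkt)
    nat_chain = "OUTPUT" if local else "PREROUTING"  # local traffic skips PREROUTING
    for r in rules.get(("nat", nat_chain), []):
        if r["-j"] == "DNAT" and matches(r, pkt):
            pkt["dst"], port = r["--to-destination"].split(":")
            pkt["dport"] = int(port)  # rewritten before the filter table runs
            break
    for r in rules.get(("filter", "INPUT"), []):
        if matches(r, pkt):
            return nat_chain, pkt["dport"], r["-j"]
    return nat_chain, pkt["dport"], "ACCEPT"  # chain policy
```

With port 8443 opened, trace(RULES.format(port=8443), REMOTE, False) ends in ACCEPT; opening only 443 ends in REJECT, because INPUT sees the rewritten port. The LOCAL packet is accepted by the loopback rule with its port still 443, where nothing is listening.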
