I'm aware that CentOS 7 uses firewalld by default; I have disabled that service and installed the iptables service instead.
I kept ports 22, 80 and 8080 open and plan to redirect requests to all other ports to port 4444. The issue is that iptables does not load the same rules after a reboot: I can no longer reach the web services on ports 80 and 8080, although SSH still works.
Here is what I did:
- iptables -F
iptables -t nat -A PREROUTING -i ens33 -p tcp -m tcp -m multiport --dports 1:21,23:79,81:8079,8081:65535 -j REDIRECT --to-ports 4444
service iptables save
At this point, accessing ports 22, 80 and 8080 from another PC works.
reboot
# Generated by iptables-save v1.4.21 on Fri Sep 8 03:00:13 2017
*mangle
:PREROUTING ACCEPT [83:12197]
:INPUT ACCEPT [82:12165]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33:14048]
:POSTROUTING ACCEPT [34:14080]
COMMIT
# Completed on Fri Sep 8 03:00:13 2017
# Generated by iptables-save v1.4.21 on Fri Sep 8 03:00:13 2017
*filter
:INPUT ACCEPT [81:12093]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [33:14048]
COMMIT
# Completed on Fri Sep 8 03:00:13 2017
# Generated by iptables-save v1.4.21 on Fri Sep 8 03:00:13 2017
*nat
:PREROUTING ACCEPT [12:1311]
:INPUT ACCEPT [12:1311]
:OUTPUT ACCEPT [1:76]
:POSTROUTING ACCEPT [1:76]
-A PREROUTING -i ens33 -p tcp -m tcp -m multiport --dports 1:21,23:79,81:8079,8081:65535 -j REDIRECT --to-ports 4444
-A PREROUTING -i ens33 -p tcp -m tcp -m multiport --dports 1:21,23:79,81:8079,8081:65535 -j REDIRECT --to-ports 4444
COMMIT
# Completed on Fri Sep 8 03:00:13 2017
Rules that are loaded after the reboot:
[root@localhost ~]# iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -i ens33 -p tcp -m tcp -m multiport --dports 1:21,23:79,81:8079,8081:65535 -j REDIRECT --to-ports 4444
-A PREROUTING -i ens33 -p tcp -m tcp -m multiport --dports 1:21,23:79,81:8079,8081:65535 -j REDIRECT --to-ports 4444
-A PREROUTING -i ens33 -p tcp -m tcp --dport 1:21 -j REDIRECT --to-ports 4444
-A PREROUTING -i ens33 -p tcp -m tcp --dport 23:65535 -j REDIRECT --to-ports 4444
[root@localhost ~]# iptables -S -t filter
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
[root@localhost ~]# iptables -S -t mangle
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT