
Re: Redirect port 80->8080 on the same machine



On Wed, Aug 07, 2002 at 01:40:34PM -0400, Robert Clay wrote:
> Ah; it needs to be done for each interface? Or is there a more generic way of doing it?
> 
> >>> Vineet Kumar <debian-security@virtual.doorstop.net> 08/07/02 01:31PM >>>
> * Janusz Ulanowski (janul@netten.pl) [020807 08:25]:
>  
> > but it's working for incoming packets; from my localhost it doesn't work
> 
> iptables -t  nat -A PREROUTING -p tcp --dport 80 -i lo -j DNAT \
> --to 192.168.0.1:8080

iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j REDIRECT \
--to-ports 8080
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner \! --uid-owner 13 \
-j REDIRECT --to-ports 8080

Should work. I tested it on my own firewall, although I just tested it
with netcat, not a real proxy.

Locally generated packets don't go through the PREROUTING chain, so you
have to manipulate them in OUTPUT, and you also have to differentiate
them from the proxy's outgoing packets, hence the match against uid 13
(proxy), taken from /etc/passwd.

Unfortunately, you'll have to enable owner match support in your kernel
for the second line to work, so you might have to recompile (it's one of
the features labelled experimental).

  Jason
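The two rules above, generated as an iptables-restore nat table so they can be reviewed before loading. This is an added example, not Jason's script: it assumes the external interface is eth0, the proxy listens on 8080 and runs as user "proxy", and it falls back to uid 13 from the mail when the passwd lookup fails.

```shell
#!/bin/sh
# Added example (not from the original mail): emit, rather than apply, the nat
# rules from the thread in iptables-restore format for review.
# Assumptions: interface eth0, proxy on port 8080, proxy user "proxy" (uid 13).

gen_nat_rules() {
    iface="$1"      # interface on which external clients arrive
    proxy_port="$2" # local port the proxy listens on
    proxy_uid="$3"  # numeric uid the proxy runs as; its own traffic must not be redirected
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Packets arriving on $iface traverse PREROUTING; locally generated ones never do.
-A PREROUTING -p tcp --dport 80 -i $iface -j REDIRECT --to-ports $proxy_port
# Locally generated packets traverse OUTPUT instead. Exclude the proxy's own
# connections (owner match), otherwise its upstream port-80 requests would be
# redirected straight back to itself and loop.
-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $proxy_uid -j REDIRECT --to-ports $proxy_port
COMMIT
EOF
}

# Resolve the proxy uid from the passwd database; fall back to 13 as in the mail.
resolve_uid() {
    uid=$(getent passwd "$1" 2>/dev/null | cut -d: -f3)
    echo "${uid:-13}"
}

gen_nat_rules eth0 8080 "$(resolve_uid proxy)"
```

The owner match still needs owner-match support in the kernel, as noted above; iptables-restore will reject the OUTPUT line otherwise.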