Mailinglist Archive: opensuse-security (78 mails)

iptables: DNAT from port x to port y
  • From: Dominik Klein <dk@xxxxxxxxxxxxxxxx>
  • Date: Wed, 04 Jan 2006 10:59:26 +0100
  • Message-id: <43BB9C7E.4070205@xxxxxxxxxxxxxxxx>
Hi,

My Linux router is supposed to forward HTTPS requests to the HTTP port on my webserver.

Is this possible with iptables?

I thought that these lines should do (there is more in my iptables script, but I think this is the interesting part):
--snip--
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -d $routerip --dport 443 -j DNAT --to-destination $webserverip:80
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp -d $webserverip --dport 80 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp -d $routerip --dport 443 -j ACCEPT
--snip--

But apparently, clients still get forwarded to https, and as there is no https, they run into a timeout.

Am I missing something or is this not possible?

Regards,
Dominik
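
An added illustration, not part of the original message and not the poster's code: a small Python model of how one packet traverses the three rules quoted above. The addresses standing in for $routerip and $webserverip and the TLS record bytes are constructed assumptions; the model shows that DNAT rewrites only destination address and port, so the packet is filtered in FORWARD and its payload reaches port 80 unchanged.

```python
# Toy model of netfilter traversal for the three rules quoted in the message.
# Addresses are constructed (documentation ranges), not taken from the post.
from dataclasses import dataclass, replace

ROUTER_IP = "192.0.2.1"         # stands in for $routerip (assumed value)
WEBSERVER_IP = "198.51.100.10"  # stands in for $webserverip (assumed value)

@dataclass(frozen=True)
class Packet:
    in_if: str
    dst: str
    dport: int
    payload: bytes

def prerouting_nat(p):
    """Rule 1: DNAT router:443 -> webserver:80. Only dst and dport change."""
    if p.in_if == "eth0" and p.dst == ROUTER_IP and p.dport == 443:
        return replace(p, dst=WEBSERVER_IP, dport=80)
    return p

def filter_chain(p):
    """Routing decision after PREROUTING: local delivery or forwarding."""
    return "INPUT" if p.dst == ROUTER_IP else "FORWARD"

def rule_matches(p, chain):
    """Rules 2 and 3, evaluated on the post-DNAT packet (-o eth1 not modelled)."""
    if chain == "FORWARD":
        return p.in_if == "eth0" and p.dst == WEBSERVER_IP and p.dport == 80
    return p.in_if == "eth0" and p.dst == ROUTER_IP and p.dport == 443

def first_bytes_kind(payload):
    """Classify what the listener on port 80 receives first."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-handshake"
    methods = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
    return "http-request" if payload.startswith(methods) else "unknown"

def trace(p):
    q = prerouting_nat(p)
    chain = filter_chain(q)
    return {"dst": q.dst, "dport": q.dport, "chain": chain,
            "accepted": rule_matches(q, chain),
            "seen_by_server": first_bytes_kind(q.payload)}

# Constructed sample: start of a TLS record carrying a ClientHello.
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

if __name__ == "__main__":
    print(trace(Packet("eth0", ROUTER_IP, 443, CLIENT_HELLO)))
```

The model covers only the client-to-server direction; reply packets also pass through FORWARD, which the quoted excerpt does not show.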
