Mailinglist Archive: opensuse-security (78 mails)
iptables: DNAT from port x to port y
- From: Dominik Klein <dk@xxxxxxxxxxxxxxxx>
- Date: Wed, 04 Jan 2006 10:59:26 +0100
- Message-id: <43BB9C7E.4070205@xxxxxxxxxxxxxxxx>
Hi,
My Linux router is supposed to forward HTTPS requests to the HTTP port on my web server.
Is this possible with iptables?
I thought that these lines should do (there is more in my iptables script, but I think this is the interesting part):
--snip--
$IPTABLES -t nat -A PREROUTING -i eth0 -p tcp -d $routerip --dport 443 -j DNAT --to-destination $webserverip:80
$IPTABLES -A FORWARD -i eth0 -o eth1 -p tcp -d $webserverip --dport 80 -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p tcp -d $routerip --dport 443 -j ACCEPT
--snip--
But apparently, clients still get forwarded to https, and as there is no https, they run into a timeout.
Am I missing something or is this not possible?
Regards,
Dominik
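
Added example, not part of the original post: DNAT rewrites only the destination address and port of a packet, so a client's TLS handshake bytes arrive at the plain-HTTP listener unchanged. The sketch assumes a loopback TCP relay (`start_relay`, a hypothetical stand-in for the DNAT rule) in front of a local plain-HTTP server (standing in for `$webserverip:80`), and probes it once with cleartext HTTP and once with TLS.

```python
import contextlib, http.server, socket, ssl, threading

class PlainHandler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):                     # cleartext HTTP only, no TLS anywhere
        self.send_response(200)
        self.end_headers()

def start_backend():
    """Plain-HTTP server on a loopback port; stands in for $webserverip:80."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), PlainHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]

def pump(src, dst):  # copy bytes unchanged until one side closes
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    for s in (src, dst):
        with contextlib.suppress(OSError):
            s.shutdown(socket.SHUT_RDWR)

def start_relay(target_port):
    """Hypothetical stand-in for the DNAT rule: redirects, never alters payload."""
    lsock = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            client, _ = lsock.accept()
            upstream = socket.create_connection(("127.0.0.1", target_port))
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pump, args=(a, b), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1]

def probe(port, timeout=2):
    """Return (status line of a plain GET, whether a TLS handshake succeeds)."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        status = s.recv(4096).split(b"\r\n", 1)[0].decode()
    ctx = ssl.create_default_context()
    ctx.check_hostname = False            # verification off on purpose, so the only
    ctx.verify_mode = ssl.CERT_NONE       # possible failure is "backend speaks no TLS"
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s, ctx.wrap_socket(s):
            return status, True
    except OSError:                       # ssl.SSLError and timeouts are OSErrors
        return status, False

if __name__ == "__main__":
    print(probe(start_relay(start_backend())))
```

The TLS probe either times out waiting for a ServerHello or receives an HTTP error in place of one; making port 443 usable requires something that terminates TLS in front of the web server, which a NAT rule does not do.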