How do I redirect port 80 to port 8123 using iptables?
You can redirect incoming traffic by inserting rules into the PREROUTING chain of the nat table. The REDIRECT target sets the new destination port.
Syntax
The syntax is as follows to redirect tcp $srcPortNumber port to $dstPortNumber:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumber
The syntax is as follows to redirect udp $srcPortNumber port to $dstPortNumber:
iptables -t nat -A PREROUTING -i eth0 -p udp --dport $srcPortNumber -j REDIRECT --to-port $dstPortNumber
Replace eth0 with your actual interface name. The following syntax also matches on source and destination IP addresses:
iptables -t nat -I PREROUTING --src $SRC_IP_MASK --dst $DST_IP -p tcp --dport $portNumber -j REDIRECT --to-ports $redirectPort
Examples:
The following example redirects TCP port 25 to port 2525:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 2525
In this example, all incoming traffic on port 80 is redirected to port 8123:
iptables -t nat -I PREROUTING --src 0/0 --dst 192.168.1.5 -p tcp --dport 80 -j REDIRECT --to-ports 8123
Quoting from the iptables man page:
This target is only valid in the nat table, in the PREROUTING and OUTPUT
chains, and user-defined chains which are only called from those
chains. It redirects the packet to the machine itself by changing the
destination IP to the primary address of the incoming interface
(locally-generated packets are mapped to the 127.0.0.1 address). It
takes one option:
--to-ports port[-port]
This specifies a destination port or range of ports to use:
without this, the destination port is never altered. This is
only valid if the rule also specifies -p tcp or -p udp.
The OUTPUT chain example:
iptables -t nat -I OUTPUT --src 0/0 --dst 192.168.1.5 -p tcp --dport 80 -j REDIRECT --to-ports 8123
How Do I View NAT Rules?
Type the following command:
iptables -t nat -L -n -v
How Do I Save NAT Redirect Rules?
Type the following command:
iptables-save
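Added example (not from the original article): a small audit helper that reads iptables-save output and summarises every REDIRECT rule in the nat table, flagging rules that match no interface or address. The function names and the sample dump are constructed for illustration; the sample holds the three example rules above plus one constructed unscoped rule.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample: `iptables-save -t nat` style text holding the article's
# three example rules plus one constructed rule with no interface/address match.
sample_nat_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2525
-A PREROUTING -d 192.168.1.5/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8123
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -d 192.168.1.5/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8123
COMMIT
EOF
}

# list_redirects (hypothetical helper): reads iptables-save text on stdin and
# prints one line per nat-table REDIRECT rule:
#   chain proto dport->to-ports in=<iface|any> dst=<addr|any> [UNSCOPED]
# UNSCOPED = no -i, -s or -d match, so the rule catches that port on every
# interface and address. "unchanged" = no --to-ports, port is not altered.
list_redirects() {
    awk '
    /^\*/ { table = substr($1, 2) }      # "*nat", "*filter", ... start a table
    table == "nat" && $1 == "-A" {
        chain = $2; proto = "any"; dport = "any"; to = "unchanged"
        iface = "any"; src = "any"; dst = "any"; target = ""
        for (i = 3; i < NF; i++) {
            if      ($i == "-p")         proto  = $(i + 1)
            else if ($i == "--dport")    dport  = $(i + 1)
            else if ($i == "--dports")   dport  = $(i + 1)
            else if ($i == "--to-ports") to     = $(i + 1)
            else if ($i == "-i")         iface  = $(i + 1)
            else if ($i == "-s")         src    = $(i + 1)
            else if ($i == "-d")         dst    = $(i + 1)
            else if ($i == "-j")         target = $(i + 1)
        }
        if (target != "REDIRECT") next
        flag = (iface == "any" && src == "any" && dst == "any") ? " UNSCOPED" : ""
        printf "%s %s %s->%s in=%s dst=%s%s\n", chain, proto, dport, to, iface, dst, flag
    }'
}

sample_nat_dump | list_redirects
```

On a live system, run it as root with: iptables-save -t nat | list_redirects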
References:
- man page - iptables
14 comments:
Just came across this one. Never tried but good idea.
gotta love this site.
thanks for the 1000th time ;)
Hi,
Nice Article… !!!
Please check my query and update me if it is possible by iptables or any other software…
I have 2 application servers (i.e. A and B)
A ip is :- 192.168.11.22 and port :- 7013 (single lan card)
B ip is :- 10.10.10.22 and port :- 8014 (single lan card)
Now I want to set port forwarding/redirection. When any client requests 192.168.11.22:7013 it will redirect to 10.10.10.22:8014. How is it possible by iptables or any other way?
Thank you.
Hi,
I think for NAT, two LAN cards are required……
and can we pass one machine's traffic to another which is on the internet via port redirection….?
Thanks
Thank you! I always forget how to redirect
Well heck. I thought this was my answer but adding the iptables rule to redirect outbound port 25 traffic to port 2525 has no effect. (Ubuntu 10.04)
Mixmaster is giving me cat fits because ISPs have decided that we are not allowed to send RFC compliant e-mail any more. Ever. No matter what. Any suggestions?
Hi,
Can we see the packet, meaning the redirection from port 80 to port 3128 or the redirect of configured ports in an iptables rule?
My question is: is there any tool or utility with which we can see how a packet is handled by iptables?
Thanks,
ROcky
How about redirecting an internal request to go out over a different interface.
I got bond0 and wlan0.
The request for a specific server let’s call it foobar on port 443. I always want to go out over wlan0 and never over bond0.
God bless you. I’ve been looking for these!
all connections are being redirected to the proxy … Why, if it is set different from the 172.16.0.0/12 and those connections I’m also going through the proxy
$IPTABLES -A PREROUTING -t nat -p tcp -i eth2 -s 10.18.83.0/24 -d ! 172.16.0.0/12 -m multiport --dports 80,443 -j DNAT --to 172.19.100.206:3128
Thanks, this was very helpful :)
Hi, I’ve got a quite funny setup. I connect with ssh to server1 and establish a tunnel. Packets are generated I mark the packets on the OUTPUT chain and redirect them with ip route through a vpn gateway. This works fine.
But I want to redirect the port from 80 to 3028 and this does not work on the output chain. The rule is ignored. How can I redirect the port on the Postrouting chain?
A single rule doesn't work if you have a big script. Could you please publish a complete firewall script with all settings?
Does this syntax guarantee the return path from $dstPortNumber back to $srcPortNumber as well? I tried this out and it seems that my client can receive packets on the dstPort just fine, but those sent back are lost somehow.