PaulDotCom mailing list archives

Re: need iptables help

From: Hans Kokx <skipmeister123 () gmail com>
Date: Sun, 23 Dec 2012 20:22:28 -0500

I just put this rule in the other day -- it catches all traffic coming in
on port 80 and shoves it over to port 8080. Sounds like what you need,
right?

iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy --dport 80 -j
REDIRECT --to-port 8080
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 80 -j REDIRECT
--to-port 8080



On Sun, Dec 23, 2012 at 7:18 PM, Robin Wood <robin () digininja org> wrote:

I know very little iptables so no I haven't, got any pointers or any
suggestions on specific examples? All I could find on Google were based on
this.

Robin
On Dec 24, 2012 12:11 AM, "anthony kasza" <anthony.kasza () gmail com> wrote:

Have you tried the FORWARD chain?

-AK
On Dec 23, 2012 7:01 PM, "Robin Wood" <robin () digininja org> wrote:

Hi
I need an IP tables rule that will catch all traffic going over a
network bridge and send anything destined to port 80 to 8080. As the
proxy that will be listening on port 8080 will modify some traffic to
make it request from the IP of the local machine I'll need the rule to
ignore requests to port 80 on the IP of the localhost.

This is what I tried as this works with IP forwarding for things like
ARP spoofing but this doesn't work in this instance, I think because
there is no routing going on, the traffic is just being passed
straight through.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 ! -d
<local-IP> -j REDIRECT --to-port 8080

With this rule in place, if I drop the -d I can get pages being
requested from the web server on the local machine to be bounced
through the proxy.

How do I do it?

Got a few good tools going to be based on this if I can get it to work
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

need iptables help Robin Wood (Dec 23)
- Re: need iptables help anthony kasza (Dec 23)
  - Re: need iptables help Robin Wood (Dec 23)
    - Re: need iptables help Hans Kokx (Dec 23)
- Re: need iptables help John Strand (Dec 23)
  - Re: need iptables help Robin Wood (Dec 23)
- Re: need iptables help Robin Wood (Dec 24)
  - Re: need iptables help Robin Wood (Dec 24)
    - Re: need iptables help Nik (Dec 25)
    - Re: need iptables help Robin Wood (Dec 26)
    - Re: need iptables help Hans Kokx (Dec 26)
    - Re: need iptables help Robin Wood (Dec 26)
    - Re: need iptables help Hans Kokx (Dec 26)
    - Re: need iptables help Robin Wood (Dec 26)

(Thread continues...)