Iptables redirect from one local port to another
Hello,
I need some help with creating my iptables rules.
I would like to redirect all requests coming to port 80 to port 8080.
I've tried both DNAT and REDIRECT and they both work fine, but I would also like to block port 8080 so that it is not accessible from outside the box.
Here is an example of what I have done:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A PREROUTING -j REDIRECT -p tcp --dport 80 --to-ports 8080
If I set the default policy for INPUT and OUTPUT to DROP, the redirection does not work.
I've also tried adding the following two:
iptables -A INPUT -i eth0 -p tcp -s 192.168.1.5 -d 192.168.1.5 -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -s 192.168.1.5 -d 192.168.1.5 -j ACCEPT
The IP 192.168.1.5 is the address the service listening on port 8080 is bound to.
If I leave the default policies at ACCEPT, everyone is able to access the service via both ports 80 and 8080, but I would like to prevent access to port 8080.
Thanks in advance.
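The rule set below is an added example, not the poster's own rules, showing one way to get the behaviour the question asks for: keep DROP defaults on INPUT and OUTPUT, let reply traffic through with the conntrack state match, REDIRECT port 80 to 8080 in nat PREROUTING, and then accept port 8080 on the external interface only for connections whose original (pre-NAT) destination port was 80, so a client connecting straight to 8080 is dropped. It assumes the external interface is eth0, that the service listens on 8080 on the same host, and that the xt_conntrack match (which provides --ctorigdstport) is available; the interface and ports are overridable through environment variables. By default it only prints the commands; set APPLY=1 and run as root to apply them.

```shell
#!/bin/sh
# Added example, not the poster's rule set. Assumptions: the Internet-facing
# interface is eth0, the service listens on 8080 on this host, and the
# conntrack match (xt_conntrack, with --ctorigdstport) is available.

IFACE="${IFACE:-eth0}"                # assumed external interface
PUBLIC_PORT="${PUBLIC_PORT:-80}"      # port clients are allowed to connect to
SERVICE_PORT="${SERVICE_PORT:-8080}"  # port the service actually listens on

# Print the rule set, one iptables command per line.
firewall_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $IFACE -p tcp --dport $PUBLIC_PORT -j REDIRECT --to-ports $SERVICE_PORT
iptables -A INPUT -i $IFACE -p tcp --dport $SERVICE_PORT -m conntrack --ctstate NEW --ctorigdstport $PUBLIC_PORT -j ACCEPT
iptables -A INPUT -i $IFACE -p tcp --dport $SERVICE_PORT -j DROP
EOF
}

# Apply the rules (needs root) when APPLY=1, otherwise print them for review.
apply_or_print() {
    if [ "${APPLY:-0}" = "1" ]; then
        firewall_rules | while IFS= read -r cmd; do
            eval "$cmd"
        done
    else
        firewall_rules
    fi
}

apply_or_print
```

Two details are worth knowing. REDIRECT rewrites the destination to the address of the interface the packet arrived on, so by the time the packet reaches INPUT its destination port is already 8080; the conntrack original-destination match is what distinguishes a redirected port-80 connection from a direct port-8080 one (a mark set in mangle PREROUTING before the REDIRECT would work the same way). The final explicit DROP on 8080 is redundant with the DROP policy but makes the intent visible in the rule listing and lets you watch its packet counter. With OUTPUT at DROP and only ESTABLISHED,RELATED accepted, the box itself cannot open new outbound connections (DNS, package updates); use `-P OUTPUT ACCEPT` if that is not intended.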