[SOLVED] IPTables redirect rule works on amazon linux, not on debian

ario · 01-30-2024, 04:52 AM

Hi Folks,
I have a server that listens on port 20001.
I want port 80 to be redirected to port 20001.
I have an amazon linux 2 on an instance and set a redirect rule on it using command:

Code:

    sudo iptables \
        -t nat \
        -A PREROUTING \
        -p tcp \
        --dport 80 \
        -j REDIRECT \
        --to-ports 20001

And it works. I can curl both port 80 and port 20001. I can also see it as:

Code:

13     121  5868 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 20001

Now on another instance with is debian 12 I run the same command and I have:

Code:

12       0     0 REDIRECT   6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 20001

Notice that protocol tcp is now shown as number 6!
The rule does not work. I can curl port 20001, but I cannot curl port 80.
On the amazon linux instance (the one which works), I also have docker installed and thus:

Code:

1    3868K  229M DOCKER     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Can that be related?
Please help. Thanks in advance.

ario · 01-30-2024, 06:02 AM

While deleting old rules and making sure IPtable is clean, tried also:

Code:

iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 8080

Didn't work. Any ideas?

ario · 01-31-2024, 03:54 AM

None of the solutions on the internet worked for iptables. I have tried various combinations of chains, targets, etc. etc. Even tried tampering with systemctl:

Code:

sysctl net.ipv4.conf.all.route_localnet=1

None worked.

The only solution was this one line command:

Code:

sudo socat TCP-LISTEN:80,fork TCP:127.0.0.1:23012