How can I make port rerouting work locally?
Behold this command:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
I use that to reroute any incoming traffic from 80 to 8080, because the Apache 2 server on that computer runs as an unprivileged user and only root can open well known ports. It is saved in /etc/iptables/rules.v4 and it works, if I open the web site on a remote computer. The virtual host is bound to 192.168.X.X:8080.
However, if I ssh into that server and open a browser with X11Forwarding active, entering the IP into the address bar won't open the web site, but the connection will time out instead. Only if I add :8080 to the address it works. So bottom line, the port routing is not working when opened on the same computer.
My question is: How do I need to modify or add a routing directive, so this will work locally as well?
networking iptables debian-stretch
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
add a comment |
Behold this command:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
I use that to reroute any incoming traffic from 80 to 8080, because the Apache 2 server on that computer runs as an unprivileged user and only root can open well known ports. It is saved in /etc/iptables/rules.v4 and it works, if I open the web site on a remote computer. The virtual host is bound to 192.168.X.X:8080.
However, if I ssh into that server and open a browser with X11Forwarding active, entering the IP into the address bar won't open the web site, but the connection will time out instead. Only if I add :8080 to the address it works. So bottom line, the port routing is not working when opened on the same computer.
My question is: How do I need to modify or add a routing directive, so this will work locally as well?
networking iptables debian-stretch
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
add a comment |
Behold this command:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
I use that to reroute any incoming traffic from 80 to 8080, because the Apache 2 server on that computer runs as an unprivileged user and only root can open well known ports. It is saved in /etc/iptables/rules.v4 and it works, if I open the web site on a remote computer. The virtual host is bound to 192.168.X.X:8080.
However, if I ssh into that server and open a browser with X11Forwarding active, entering the IP into the address bar won't open the web site, but the connection will time out instead. Only if I add :8080 to the address it works. So bottom line, the port routing is not working when opened on the same computer.
My question is: How do I need to modify or add a routing directive, so this will work locally as well?
networking iptables debian-stretch
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
Behold this command:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
I use that to reroute any incoming traffic from 80 to 8080, because the Apache 2 server on that computer runs as an unprivileged user and only root can open well known ports. It is saved in /etc/iptables/rules.v4 and it works, if I open the web site on a remote computer. The virtual host is bound to 192.168.X.X:8080.
However, if I ssh into that server and open a browser with X11Forwarding active, entering the IP into the address bar won't open the web site, but the connection will time out instead. Only if I add :8080 to the address it works. So bottom line, the port routing is not working when opened on the same computer.
My question is: How do I need to modify or add a routing directive, so this will work locally as well?
networking iptables debian-stretch
networking iptables debian-stretch
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
asked Jan 8 at 16:36
BadSnowflakeBadSnowflake
4881519
4881519
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The reason this did not work is because packages from local sources do not got through the routing stage, since there is no routing needed for local packages. Therefore, this rule does not apply. To route packages coming from local source, one needs to send it directly to OUTPUT:
iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391941%2fhow-can-i-make-port-rerouting-work-locally%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The reason this did not work is because packages from local sources do not got through the routing stage, since there is no routing needed for local packages. Therefore, this rule does not apply. To route packages coming from local source, one needs to send it directly to OUTPUT:
iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
add a comment |
The reason this did not work is because packages from local sources do not got through the routing stage, since there is no routing needed for local packages. Therefore, this rule does not apply. To route packages coming from local source, one needs to send it directly to OUTPUT:
iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
add a comment |
The reason this did not work is because packages from local sources do not got through the routing stage, since there is no routing needed for local packages. Therefore, this rule does not apply. To route packages coming from local source, one needs to send it directly to OUTPUT:
iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
The reason this did not work is because packages from local sources do not got through the routing stage, since there is no routing needed for local packages. Therefore, this rule does not apply. To route packages coming from local source, one needs to send it directly to OUTPUT:
iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
answered Jan 14 at 5:37
BadSnowflakeBadSnowflake
4881519
4881519
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1391941%2fhow-can-i-make-port-rerouting-work-locally%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
