Thursday, January 5, 2012

Linux Command - iptables

I finally got irritated with iptables because it kept blocking my web server. After some searching online, the following helped me unblock my port and also redirect a port internally. I am working on CentOS 5.6.

1. Type the following to open the iptables configuration file:

vi /etc/sysconfig/iptables

2. Look for :RH-Firewall-1-INPUT - [0:0] and add the following before any REJECT rule. The REJECT rule is generally the last line of the configuration file before COMMIT:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

3. Save the configuration file and type:

service iptables restart

4. If you type "iptables -L", you should see an entry like the one below. You can verify the rule by accessing your web server on port 80.

ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 

5. Now for local redirection. You cannot add this command to the iptables configuration file above; you must type it at run time. The following forwards port 8080 to port 80:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80

6. You can verify your entry with:

 iptables -t nat -L -n -v

and you should see an entry like:

 17   845 REDIRECT   tcp  --  eth0   *             tcp dpt:8080 redir ports 80 

7. Now you can try accessing your web server via port 8080.

8. An important note: if you restart iptables (service iptables restart), you will lose this NAT configuration. This also means that when you restart your server, the NAT configuration will be gone.

9. So, for me, I will add this redirection command to .bash_profile so that the setting is applied on each start-up. For example, I will add these 2 statements to .bash_profile:

service iptables restart
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4320 -j REDIRECT --to-port 80
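As an added example (not part of the original post), here is a small POSIX shell script that re-applies the step 5 redirect without stacking a duplicate rule each time it runs, which matters when the command is triggered on every login from .bash_profile. The function names redirect_present and ensure_redirect are my own, and the sample listing is constructed to mirror the "iptables -t nat -L -n -v" output shown in step 6.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L PREROUTING -n -v` output, shaped like
# the line shown in step 6 of the post (not captured from a real host).
SAMPLE_LISTING='Chain PREROUTING (policy ACCEPT 120 packets, 9000 bytes)
 pkts bytes target     prot opt in     out     source               destination
   17   845 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 80'

# redirect_present LISTING IFACE FROM_PORT TO_PORT
# Exit 0 when the listing already holds a tcp REDIRECT rule on IFACE that sends
# FROM_PORT to TO_PORT, 1 otherwise. Parsing the -n -v listing works on old
# iptables releases (e.g. CentOS 5's 1.3.x) that lack the newer `-C` check option.
redirect_present() {
    listing=$1; iface=$2; from=$3; to=$4
    printf '%s\n' "$listing" | awk -v iface="$iface" -v from="$from" -v to="$to" '
        $3 == "REDIRECT" && $4 == "tcp" && $6 == iface {
            for (i = 7; i <= NF; i++)
                if ($i == "dpt:" from && $(i+1) == "redir" && $(i+2) == "ports" && $(i+3) == to)
                    found = 1
        }
        END { exit found ? 0 : 1 }'
}

# ensure_redirect IFACE FROM_PORT TO_PORT
# Idempotent version of the step 9 command: append the rule only when it is
# absent. Must run as root; this function is not exercised by the sample below.
ensure_redirect() {
    iface=$1; from=$2; to=$3
    current=$(iptables -t nat -L PREROUTING -n -v 2>/dev/null) || return 1
    if redirect_present "$current" "$iface" "$from" "$to"; then
        echo "redirect tcp/$from -> $to on $iface already present, nothing to do"
        return 0
    fi
    iptables -t nat -A PREROUTING -i "$iface" -p tcp --dport "$from" -j REDIRECT --to-port "$to"
}

# Stand-alone demonstration against the constructed listing.
if redirect_present "$SAMPLE_LISTING" eth0 8080 80; then
    echo "sample listing: redirect 8080 -> 80 on eth0 present"
fi
if ! redirect_present "$SAMPLE_LISTING" eth0 4320 80; then
    echo "sample listing: redirect 4320 -> 80 on eth0 absent"
fi
```

Calling ensure_redirect eth0 8080 80 from .bash_profile instead of the bare iptables line gives the same rule after the first login and no duplicates after later ones.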
