To map port 80 (HTTP) to 8080 and port 443 (HTTPS) to 8443:
*nat
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
You don't need to set up Apache HTTP Server to handle HTTP or HTTPS.
However, this will not work on its own; you also have to do the next step.
■ Open ports 8080 and 8443 as below
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
■ This is the full iptables setup
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
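The INPUT rules name 8080 and 8443 rather than 80 and 443 because the nat PREROUTING REDIRECT rewrites the destination port before the filter INPUT chain is evaluated. The Python check below is an added example, not part of the original post: it parses an iptables-save style ruleset (a constructed, trimmed copy of the one above) and reports, for each REDIRECT, whether INPUT accepts the redirected-to port before the catch-all REJECT. The function names are hypothetical and single-port rules are assumed.

```python
# Constructed input: the page's ruleset, trimmed to the rules that matter here.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
"""

def parse_rules(text):
    """Return {table: [token list per '-A' rule]} from iptables-save text."""
    tables, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):          # table header, e.g. *filter
            current = tables.setdefault(line[1:], [])
        elif line.startswith("-A ") and current is not None:
            current.append(line.split())  # commented-out rules (#-A ...) are skipped
    return tables

def opt(rule, flag):
    # Value following an option flag, or None if the flag is absent.
    return rule[rule.index(flag) + 1] if flag in rule else None

def check_redirects(text):
    """Map original port -> (redirect port, accepted by INPUT before catch-all?).
    Assumption: single-port --dport / --to-ports values, TCP only."""
    tables = parse_rules(text)
    accepted = set()
    for rule in (r for r in tables.get("filter", []) if r[1] == "INPUT"):
        if rule[2] == "-j" and rule[3] in ("REJECT", "DROP"):
            break  # unconditional reject: ACCEPT rules after it never match
        if opt(rule, "-j") == "ACCEPT" and opt(rule, "-p") == "tcp" and opt(rule, "--dport"):
            accepted.add(opt(rule, "--dport"))
    result = {}
    for rule in tables.get("nat", []):
        if rule[1] == "PREROUTING" and opt(rule, "-j") == "REDIRECT":
            target = opt(rule, "--to-ports")
            result[int(opt(rule, "--dport"))] = (int(target), target in accepted)
    return result

if __name__ == "__main__":
    print(check_redirects(RULESET))
```

Because INPUT matches the post-redirect port, clients can also connect to 8080 and 8443 directly, not only through 80 and 443.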