UBUNTU: IPTABLES

Reference site:
https://help.ubuntu.com/community/IptablesHowTo

Basic Commands

Typing

sudo iptables -L -t nat

lists your current nat rules in iptables. If you have just set up your server, you will have no rules, and you should see

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Basic Iptables Options

Typing

sudo iptables man

lists the iptables manual

CASE: Redirect port 443 to port 8443 not working

CAUSED: IP server change, server reboot.

Solution:

1. To reset iptables
   # iptables -L -t nat    to list nat rules
   # iptables -t nat -F    to flush nat  
   # iptables -L -t nat   after flush list nat will empty
2. Run iptables command
   # iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination server_local_ip:8443
3. Check back the nat list.
   # iptables -L -t nat
   It will show like this:
   Chain PREROUTING (policy ACCEPT)target     prot opt source               destination
   DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:Server_IP:8443
4. Test run the https site without port 8443.
   https://sso.domain.com:8443  become   https://sso.domain.com
5. Save iptables rule in firewall.conf
   # iptables-save > /etc/firewall.conf
6. Check the rule save or not in firewal# more /etc/firewall.conf
   **Make sure the date is current date: 
   # Generated by iptables-save v1.4.12 on Mon Aug 27 07:58:04 2012
7. Reboot server
8. Test to run the https site again.
   https://sso.domain.com
   
   
9. Finish.