https://help.ubuntu.com/community/IptablesHowTo
Basic Commands
Typing
sudo iptables -L -t nat
lists your current nat rules in iptables. If you have just set up your server, you will have no rules, and you should see
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Basic Iptables Options
Typing
man iptables
displays the iptables manual page.
CASE: Redirect port 443 to port 8443 not working
CAUSE: Server IP change, server reboot.
Solution:
- To reset iptables
# iptables -L -t nat    (list the nat rules)
# iptables -t nat -F    (flush the nat table; this removes every rule in it)
# iptables -L -t nat    (after the flush, the nat list will be empty)
- Run iptables command
# iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination server_local_ip:8443
- Check the nat list again.
# iptables -L -t nat
It will look like this:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:https to:Server_IP:8443
- Test the https site without port 8443.
https://sso.domain.com:8443 becomes
https://sso.domain.com
- Save the iptables rules in firewall.conf
# iptables-save > /etc/firewall.conf
- Check whether the rule was saved in firewall.conf
# more /etc/firewall.conf
**Make sure the date is the current date:
# Generated by iptables-save v1.4.12 on Mon Aug 27 07:58:04 2012
- Reboot server
- Test the https site again.
https://sso.domain.com
- Finish.
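Because the DNAT rule hard-codes server_local_ip, a saved /etc/firewall.conf can go stale when the server's IP changes (the cause named above). The script below is an added example, not part of the original post: it parses an iptables-save dump and reports whether the 443 to 8443 rule still points at the current address. The function names, the sample dump and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# sample_dump: a CONSTRUCTED iptables-save dump; 192.0.2.10 is a documentation address.
sample_dump() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.0.2.10:8443
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# check_redirect FILE CURRENT_IP
# Prints "ok", "stale:<target in rule>" or "missing" for the 443 -> 8443 rule.
check_redirect() {
    # The first nat/PREROUTING DNAT rule for tcp port 443 decides where traffic goes.
    dest=$(awk '
        substr($0, 1, 1) == "*" { table = substr($0, 2) }   # "*nat" opens a table section
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; jump = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
                if ($i == "--to-destination") to = $(i + 1)
            }
            if (dport == "443" && jump == "DNAT" && to != "") { print to; exit }
        }' "$1")
    case $dest in
        "")        echo "missing" ;;
        "$2:8443") echo "ok" ;;
        *)         echo "stale:$dest" ;;
    esac
}

# Demo on the constructed dump: the rule is fine for .10 and stale after a move to .77.
tmp=$(mktemp)
sample_dump > "$tmp"
echo "server at 192.0.2.10: $(check_redirect "$tmp" 192.0.2.10)"
echo "server at 192.0.2.77: $(check_redirect "$tmp" 192.0.2.77)"
rm -f "$tmp"
```

To check the real file, call `check_redirect /etc/firewall.conf` followed by the server's current local IP.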