Monday, August 27, 2012

UBUNTU: IPTABLES

Reference site:
https://help.ubuntu.com/community/IptablesHowTo

Basic Commands

Typing
sudo iptables -L
lists your current rules (the default filter table); add -t nat to list the nat table instead. If you have just set up your server, you will have no rules, and sudo iptables -L should show

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Basic Iptables Options
Typing
man iptables
opens the iptables manual page

CASE: Redirect of port 443 to port 8443 not working
CAUSE: the server's IP address changed and the server was rebooted (iptables rules that were never saved are lost on reboot).

Solution:

    1. Reset iptables
      # iptables -L -t nat    list the nat rules
      # iptables -t nat -F    flush the nat table
      # iptables -L -t nat    list again; after the flush the nat table is empty
    2. Run the iptables command (replace server_local_ip with the server's current local IP)
      # iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination server_local_ip:8443
    3. Check the nat list again.
      # iptables -L -t nat
      It will show like this:
      Chain PREROUTING (policy ACCEPT)
      target     prot opt source               destination
      DNAT       tcp  --  anywhere             anywhere             tcp dpt:https to:Server_IP:8443
    4. Test the https site without port 8443.
      https://sso.domain.com:8443  becomes   https://sso.domain.com
    5. Save the iptables rules in firewall.conf
      # iptables-save > /etc/firewall.conf
      Saving alone does not re-apply the rules at boot: something must run iptables-restore < /etc/firewall.conf on startup (for example a pre-up line in /etc/network/interfaces, as described on the reference site), otherwise the DNAT rule is lost again at the next reboot.
    6. Check whether the rule was saved in firewall.conf
      # more /etc/firewall.conf
      **Make sure the date is the current date:
       
      # Generated by iptables-save v1.4.12 on Mon Aug 27 07:58:04 2012
    7. Reboot the server
    8. Test the https site again.
      https://sso.domain.com

    9. Finish.
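Step 6 asks you to eyeball /etc/firewall.conf. As an added example (not from the original post), this Python script does that check programmatically on a constructed iptables-save dump: it reads the header timestamp and the nat table's PREROUTING DNAT rules and confirms the 443 to 8443 redirect is really in the saved file. The sample dump and the 10.0.0.5 address are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample shaped like /etc/firewall.conf after step 5
# (not copied from a real server; 10.0.0.5 stands in for server_local_ip).
SAMPLE_CONF = """\
# Generated by iptables-save v1.4.12 on Mon Aug 27 07:58:04 2012
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.5:8443
COMMIT
# Completed on Mon Aug 27 07:58:04 2012
"""

HEADER_RE = re.compile(r"^# Generated by iptables-save \S+ on (.+)$", re.M)
DNAT_RE = re.compile(
    r"^-A PREROUTING .*-p tcp .*--dport (\d+) -j DNAT --to-destination ([\d.]+):(\d+)$")

def saved_at(conf):
    """Timestamp from the iptables-save header, or None if the header is missing."""
    m = HEADER_RE.search(conf)
    return datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y") if m else None

def is_current(conf, now=None, max_age=timedelta(days=1)):
    """Step 6's 'make sure the date is current': header is present and recent."""
    ts = saved_at(conf)
    now = now or datetime.now()
    return ts is not None and timedelta(0) <= now - ts <= max_age

def dnat_rules(conf):
    """(dport, dest_ip, dest_port) for every PREROUTING DNAT rule in the *nat table."""
    in_nat, rules = False, []
    for line in conf.splitlines():
        if line.startswith("*"):          # table marker: *nat, *filter, ...
            in_nat = line == "*nat"
        elif in_nat:
            m = DNAT_RE.match(line)
            if m:
                rules.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return rules

def has_redirect(conf, dport, dest_port):
    """True if the saved file redirects dport to dest_port, whatever the target IP."""
    return any(r[0] == dport and r[2] == dest_port for r in dnat_rules(conf))
```

Run it against the real file with `open("/etc/firewall.conf").read()` in place of SAMPLE_CONF after step 5 and again after step 7 to confirm the rule survived the reboot.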
