Gentoo Forums
[SOLVED] iptables command won't forward a port
johnklug
n00b


Joined: 17 Jun 2013
Posts: 31

Posted: Mon May 02, 2016 1:42 am    Post subject: [SOLVED] iptables command won't forward a port

I am trying to redirect TCP 443 to 8443.


    strace -f -o /tmp/trace.txt iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
    iptables: No chain/target/match by that name.

    22056 socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 4
    22056 fcntl(4, F_SETFD, FD_CLOEXEC) = 0
    22056 getsockopt(4, SOL_IP, 0x40 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [84]) = 0
    22056 getsockopt(4, SOL_IP, 0x41 /* IP_??? */, "nat\0H\177\0\0X\\\257FH\177\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., [824]) = 0
    22056 setsockopt(4, SOL_IP, 0x40 /* IP_??? */, "nat\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1096) = -1 ENOENT (No such file or directory)
    22056 close(4) = 0
    22056 write(2, "iptables: No chain/target/match "..., 46) = 46


So is there something I have to do to create the NAT table?


    # zgrep -E '^[^#]' config-3.17.7-gentoo | grep NF_CONN
    CONFIG_NF_CONNTRACK=y
    CONFIG_NF_CONNTRACK_SECMARK=y
    CONFIG_NF_CONNTRACK_PROCFS=y
    CONFIG_NF_CONNTRACK_FTP=y
    CONFIG_NF_CONNTRACK_IRC=y
    CONFIG_NF_CONNTRACK_SIP=y
    CONFIG_NF_CONNTRACK_IPV4=y
    CONFIG_NF_CONNTRACK_PROC_COMPAT=y
    CONFIG_NF_CONNTRACK_IPV6=y


Last edited by johnklug on Sat May 14, 2016 9:11 pm; edited 1 time in total
Syl20
l33t


Joined: 04 Aug 2005
Posts: 619
Location: France

Posted: Mon May 02, 2016 8:45 am

Did you enable the REDIRECT target when compiling your kernel? Is the module (if you compiled it as a module) loaded?
http://cateee.net/lkddb/web-lkddb/IP_NF_TARGET_REDIRECT.html
johnklug
n00b


Joined: 17 Jun 2013
Posts: 31

Posted: Sat May 14, 2016 9:09 pm

I added the following two kernel configuration tags, and port redirection worked:
    CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
    CONFIG_IP_NF_TARGET_REDIRECT=m


Not sure if both are needed.


The doc from http://cateee.net/lkddb/web-lkddb/IP_NF_TARGET_REDIRECT.html says
    This is a backwards-compat option for the user's convenience (e.g. when running oldconfig). It selects NETFILTER_XT_TARGET_REDIRECT.


It may be that only CONFIG_NETFILTER_XT_TARGET_REDIRECT=m is needed.
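
Added example (not part of the forum posts): a shell check for the problem resolved in this thread, reading a kernel config and a module list to report whether the REDIRECT target is available to iptables. The function names, status strings and exit codes are this example's own; `xt_REDIRECT` is the module that `CONFIG_NETFILTER_XT_TARGET_REDIRECT` builds.

```shell
#!/bin/sh
# Added example: diagnose "No chain/target/match by that name" for -j REDIRECT.
# Function names, status strings and exit codes are illustrative choices.

# Print a kernel config, handling gzip'd files such as /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# opt_state CONFIG_FILE OPTION -> prints "y", "m" or "unset".
# "# CONFIG_FOO is not set" lines and absent options both count as unset.
opt_state() {
    line=$(read_config "$1" | grep -E "^$2=[ym]\$" | tail -n 1)
    case "$line" in
        *=y) echo y ;;
        *=m) echo m ;;
        *)   echo unset ;;
    esac
}

# redirect_status CONFIG_FILE [MODULES_FILE]
# Exit 0: target built in, or built as a module that is loaded.
# Exit 1: built as a module but not loaded (try: modprobe xt_REDIRECT).
# Exit 2: option not enabled; the kernel has to be reconfigured and rebuilt.
redirect_status() {
    cfg=$1
    mods=${2:-/proc/modules}
    # Only the XT option is checked: the help text quoted in the thread says
    # IP_NF_TARGET_REDIRECT is a compat option that selects it.
    case "$(opt_state "$cfg" CONFIG_NETFILTER_XT_TARGET_REDIRECT)" in
        y) echo "builtin"; return 0 ;;
        m) if grep -q '^xt_REDIRECT ' "$mods"; then
               echo "module-loaded"; return 0
           fi
           echo "module-not-loaded"; return 1 ;;
        *) echo "not-configured"; return 2 ;;
    esac
}

# Stand-alone use: sh check_redirect.sh /proc/config.gz
if [ "$#" -gt 0 ]; then redirect_status "$@"; fi
```

Run it against the config of the running kernel (for example `/proc/config.gz` or the `config-*` file under `/boot`) before adding the nat rule.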