I configured port forwarding through iptables and ufw. But there is something I do not understand: I just can't get iptables to forward port 443 to 8443 without allowing port 8443 on UFW.
I want port 443 to forward to port 8443 but I also want port 8443 to be disallowed from outside my network.
In summary, I can only forward port 443 to 8443 if I fully allow both ports 443 and 8443 on UFW.
This is the only rule I have in before.rules:
-A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443
This is my iptables routing config (really simple):
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 8443
This is my UFW status that works:
To Action From
-- ------ ----
22 ALLOW Anywhere
443 ALLOW Anywhere
8443 ALLOW Anywhere // THIS IS WHAT BOTHERS ME
22 ALLOW Anywhere (v6)
443 ALLOW Anywhere (v6)
8443 ALLOW Anywhere (v6) // THIS IS WHAT BOTHERS ME
This is how I want my firewall protection to look, but it does not work:
To Action From
-- ------ ----
22 ALLOW Anywhere
443 ALLOW Anywhere
22 ALLOW Anywhere (v6)
443 ALLOW Anywhere (v6)
Any ideas?
Thanks in advance.
Best Answer
Instead of using PREROUTING to redirect the packets, you can use rinetd. This program listens on a given port, and when someone connects to it, rinetd connects to a given destination port and essentially proxies traffic between the two. With rinetd listening on port 443 and forwarding connections to port 8443, you can allow connections on 8443 from localhost and block all others.