I have an http server listening on ports 8080 (http) and 8081 (https) on 127.0.0.1.
I have these iptables rules to redirect from/to $external_ip:
iptables -t nat -A PREROUTING -i eno1 -p tcp -d $external_ip --dport 80 -j DNAT --to-destination 127.0.0.1:8080
iptables -t nat -A PREROUTING -i eno1 -p tcp -d $external_ip --dport 443 -j DNAT --to-destination 127.0.0.1:8081
- HTTP (80 to/from 8080) works fine
- HTTPS (443 to/from 8081) doesn't work
The server is a Tomcat instance using apache APR libraries to handle https connections.
Is there something I'm missing?
UPDATE:
Chains for table NAT:
$ iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 1111 packets, 69838 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14   724 REDIRECT   tcp  --  eno1   *       0.0.0.0/0            101.0.105.178        tcp dpt:80 redir ports 8080
    6   360 REDIRECT   tcp  --  eno1   *       0.0.0.0/0            101.0.105.178        tcp dpt:443 redir ports 8081
Chain INPUT (policy ACCEPT 1064 packets, 66008 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 9 packets, 596 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 9 packets, 596 bytes)
 pkts bytes target     prot opt in     out     source               destination
Best Answer
I can see that your rules are correct. The possibility of blocking traffic by your firewall has been verified as you commented. The NAT rule has been hit several times, as indicated in the bytes and packets counters shown in the output of iptables -t nat -L -n -v. You need to make sure you can access port 443 locally, and you can verify your web server is listening on this port using netstat -lnp.
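One way to script the two checks the answer recommends (the rule's packet counter and a local listener on the redirect target), as an added example that is not part of the question or the answer. It parses the counter column of iptables -t nat -L PREROUTING -n -v and the local-address column of ss -lnt (netstat -lnt has the same LISTEN/address:port shape). The sample outputs embedded in it are constructed so it runs offline; the 8081 listener is deliberately left out of the sample to show what a failing check looks like, and the function names nat_rule_packets, port_listening and check_mapping are my own.

```shell
#!/bin/sh
# Added example: verify a PREROUTING redirect end to end.
# 1) Has the NAT rule for the external port been hit (packet counter > 0)?
# 2) Is something actually LISTENing on the local port it redirects to?

# Constructed sample, same shape as `iptables -t nat -L PREROUTING -n -v`
# in the question (counters and addresses are illustrative).
SAMPLE_NAT='Chain PREROUTING (policy ACCEPT 1111 packets, 69838 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14   724 REDIRECT   tcp  --  eno1   *       0.0.0.0/0            101.0.105.178        tcp dpt:80 redir ports 8080
    6   360 REDIRECT   tcp  --  eno1   *       0.0.0.0/0            101.0.105.178        tcp dpt:443 redir ports 8081'

# Constructed sample of `ss -lnt`: the HTTP connector is up on 8080,
# but no socket is bound on 8081 (e.g. the HTTPS connector failed to start).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      100    127.0.0.1:8080      0.0.0.0:*
LISTEN 0      1      127.0.0.1:8005      0.0.0.0:*'

# Print the packet counter of the REDIRECT/DNAT rule matching "tcp dpt:<port>".
# Prints 0 when no such rule exists. $1 = iptables output, $2 = external port.
nat_rule_packets() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $3 ~ /^(REDIRECT|DNAT)$/ && $0 ~ ("dpt:" port "( |$)") { print $1; found = 1; exit }
        END { if (!found) print 0 }'
}

# Return 0 if any LISTEN line has a local address ending in ":<port>".
# $1 = ss -lnt or netstat -lnt output, $2 = local port.
port_listening() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /LISTEN/ { for (i = 1; i <= NF; i++) if ($i ~ (":" port "$")) { hit = 1; exit } }
        END { exit hit ? 0 : 1 }'
}

# Combine both checks for one external->local mapping. Prints a verdict and
# returns 0 only when the rule is hit AND the backend is listening.
# $1 = nat output, $2 = socket listing, $3 = external port, $4 = local port.
check_mapping() {
    pkts=$(nat_rule_packets "$1" "$3")
    if [ "$pkts" -eq 0 ]; then
        echo "port $3: NAT rule never hit (rule missing, or packets never reach this interface)"
        return 1
    fi
    if port_listening "$2" "$4"; then
        echo "port $3: NAT rule hit $pkts times, backend :$4 is listening"
        return 0
    fi
    echo "port $3: NAT rule hit $pkts times but nothing listens on :$4 (check the connector config/logs)"
    return 2
}

# On the real host (as root) feed live output instead of the samples:
#   check_mapping "$(iptables -t nat -L PREROUTING -n -v)" "$(ss -lnt)" 443 8081
# Note: the question's listing shows REDIRECT (targets the inbound interface's
# primary address). A DNAT to 127.0.0.1 from PREROUTING would additionally
# need sysctl net.ipv4.conf.<iface>.route_localnet=1 or the kernel drops it.
check_mapping "$SAMPLE_NAT" "$SAMPLE_SS" 80 8080 || true
check_mapping "$SAMPLE_NAT" "$SAMPLE_SS" 443 8081 || true
```

With the constructed samples the first call reports 8080 as listening and the second reports 443 hit six times but nothing on 8081, which is exactly the split the answer tells you to distinguish: a non-zero counter proves the NAT rule matched, so a failure after that point lies with the local service, not with the rule.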