Linux – iptables preroute localhost

Tags: firewall, ip, iptables, linux, Ubuntu

I would like to forward all incoming traffic from a certain port to another one using iptables. The problem is that prerouting doesn't work for traffic from localhost. This topic suggests a solution:

iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8080

This solution does work for most cases. However, when I connect to http://myserver:443, where myserver resolves to an IP address that is hosted on the local machine but is not 127.0.0.1, it seems to bypass both rules.

Is there a way to also catch and forward requests from the local machine that are made to the eth0 IP address?

Best Answer

Instead of doing -d 127.0.0.1 on the OUTPUT rule, you could do -o lo. This will match any traffic going through the loopback interface no matter what the destination is.

As a side note, even when you send to 'http://myserver:443', the traffic is still local, so it still goes through the loopback interface, even though it doesn't resolve to '127.0.0.1'.
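The answer's rules put into an idempotent script, as an added example that is not part of the original post. It assumes the question's ports (443 redirected to 8080) and root privileges; the rule text is produced by functions so it can be checked before anything is applied.

```shell
#!/bin/sh
# Added example (not from the original post): apply the PREROUTING + OUTPUT
# redirect rules idempotently, using "-o lo" on the OUTPUT rule as the answer
# suggests, so locally generated connections to any local address are caught.
# Assumptions: ports 443 -> 8080 as in the question; iptables run as root.
FROM_PORT="${FROM_PORT:-443}"
TO_PORT="${TO_PORT:-8080}"

# Rule specifications (chain + match + target) without the -I/-C/-D verb.
# Connections arriving from other hosts on any non-loopback interface.
prerouting_rule() {
    echo "PREROUTING -p tcp --dport $FROM_PORT -j REDIRECT --to-ports $TO_PORT"
}

# Locally generated connections: match on the loopback interface instead of
# "-d 127.0.0.1", so a connection to eth0's own address also hits the rule.
# Note this catches every loopback connection to FROM_PORT, whatever address.
output_rule() {
    echo "OUTPUT -o lo -p tcp --dport $FROM_PORT -j REDIRECT --to-ports $TO_PORT"
}

# Insert a nat rule only if it is not already present (iptables -C exits 0
# when an identical rule exists), so re-running the script does not stack
# duplicate rules. $1 is intentionally unquoted so it splits into arguments.
ensure_rule() {
    iptables -t nat -C $1 2>/dev/null || iptables -t nat -I $1
}

# Delete the rule if it is present.
drop_rule() {
    iptables -t nat -C $1 2>/dev/null && iptables -t nat -D $1
}

apply_rules() {
    ensure_rule "$(prerouting_rule)"
    ensure_rule "$(output_rule)"
}

remove_rules() {
    drop_rule "$(prerouting_rule)"
    drop_rule "$(output_rule)"
}

# Show the nat rules with packet counters, to confirm which rule a local
# connection to eth0's address actually matched.
show_rules() {
    iptables -t nat -L PREROUTING -n -v
    iptables -t nat -L OUTPUT -n -v
}

case "${1:-}" in
    apply) apply_rules ;;
    remove) remove_rules ;;
    show) show_rules ;;
esac
```

Run it as `sh redirect.sh apply`, then `sh redirect.sh show` after connecting to http://myserver:443 from the same host: the byte counters on the OUTPUT rule should increase, while a connection from another machine increments the PREROUTING rule.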