Linux – iptables redirect ports 80/443 to 8080/8181


On CentOS 6.4, I want to block all incoming ports except 22, 80 and 443. Port 80 (external) should be redirected to 8080 (internal), and 443 (external) should be redirected to 8181 (internal). I used the following commands:

service iptables stop
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8181
service iptables save
service iptables restart

However, I can still access ports 8080 and 8181. Is there a way to block ports 8080 and 8181 externally and still have open internally for redirection from 80 and 443?

Best Answer

There's nothing in your rules dropping any packets. You can accomplish this by setting the default policy of your INPUT chain to DROP. By default it is ACCEPT:

iptables -P INPUT DROP

As you do this, you may begin to notice that your outgoing connections do not work anymore.

You can add rules at the top of your INPUT chain to ACCEPT already established traffic back in.

Do so using the following:

iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

The RELATED part lets other related traffic through (for instance, ICMP packets sent as a result of something happening in an ESTABLISHED connection).
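Putting the pieces together, here is a complete script for the setup in the question. It is an added example, not code from the question or the answer above. It assumes the external interface is eth0 (as in the question) and that the conntrack match with --ctorigdstport is available (it is on CentOS 6); IPT and WAN_IF are hypothetical variables naming the iptables binary and the interface, and setting IPT=echo turns the script into a dry run that prints the rules. One detail the rules above do not cover: REDIRECT rewrites the destination port in nat/PREROUTING, which runs before filter/INPUT, so INPUT sees dport 8080/8181, not 80/443. With a DROP policy, an ACCEPT rule for --dport 80 would therefore never match the redirected traffic. The script instead accepts 8080/8181 only for connections whose original (pre-NAT) destination was 80/443, so a client connecting straight to 8080 or 8181 falls through to the DROP policy.

```shell
#!/bin/sh
# Added example: firewall script for "only 22/80/443 reachable, 80->8080, 443->8181".
# IPT is a hypothetical knob naming the iptables binary; IPT=echo prints the rules
# instead of applying them. WAN_IF is the external interface (eth0 in the question).
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"

apply_firewall() {
    # Start from empty chains in the two tables this script manages.
    "$IPT" -F INPUT
    "$IPT" -t nat -F PREROUTING

    # Loopback, then replies to connections this host opened itself.
    # Adding these before flipping the policy keeps an SSH session alive.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New inbound SSH.
    "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Port translation in nat/PREROUTING; this runs before filter/INPUT sees the packet.
    "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 80 -j REDIRECT --to-ports 8080
    "$IPT" -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 443 -j REDIRECT --to-ports 8181

    # After REDIRECT, INPUT sees dport 8080/8181. Accept them only when the
    # connection's original destination port was 80/443 (conntrack keeps the
    # pre-NAT tuple). A client that connects directly to 8080 or 8181 does not
    # match here and falls through to the DROP policy below.
    "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport 8080 -m conntrack --ctorigdstport 80 -j ACCEPT
    "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport 8181 -m conntrack --ctorigdstport 443 -j ACCEPT

    # Default-deny last, once every ACCEPT rule is in place.
    "$IPT" -P INPUT DROP
}

# Usage:  sh fw.sh apply            (apply for real, as root)
#         IPT=echo sh fw.sh apply   (dry run: print the rules)
if [ "${1:-}" = "apply" ]; then
    apply_firewall
fi
```

After running it as root, check the result with `iptables -L INPUT -n -v` and `iptables -t nat -L PREROUTING -n -v`, then `service iptables save` so the ruleset survives a restart on CentOS 6. From another machine, a connection to port 80 or 443 should reach the services on 8080/8181, while a connection straight to 8080 or 8181 should time out. Note that only INPUT is touched; OUTPUT and FORWARD keep their existing policies.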