1

I am using the following command to forward incoming traffic from port 30 to port 1234. But it's not working. In Wireshark also there is no trace of packets directing to port 1234 are found.

sudo iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 -p tcp --dport 30 -j REDIRECT --to-ports 1234.

askedJul 20, 2018 at 8:16
SRNB's user avatar
2
  • Look at the kernel ip forwarding settings i.e. by running the command "sysctl -ar forward" Make sure that the relevant settings are enabled. For example, if you are using IP version 4, ensure that "net.ipv4.conf.all.forwarding" is set to 1CommentedJul 20, 2018 at 9:16
  • Yes. net.ipv4.ip_forward is also set to 1 and also uncommented at the system variable file(/etc/sysctl.conf) to allow forwarding. But still doesn't seem to work.CommentedJul 20, 2018 at 11:30

2 Answers2

2

Local forwarding of packets different port doesn't pass through PREROUTING chain. They follow the OUTPUT chain. Changing the chain from PREROUTING to OUTPUT works.

sudo iptables -t nat -A OUTPUT -p tcp --dport 30 -j REDIRECT --to-port 1234

More details can be found here about the iptables NAT Filters:
https://www.karlrupp.net/en/computer/nat_tutorial

Pang's user avatar
Pang
2432 silver badges7 bronze badges
answeredJul 24, 2018 at 7:35
SRNB's user avatar
0

check if this is enabled or not by

sudo iptables -t nat -L

If There are any entries , delete them using:

sudo iptables -F -t nat

Try without src dest flags:

sudo iptables -t nat -A PREROUTING -p tcp --dport 30 -j REDIRECT --to-ports 1234

check again if this is enabled or not by

sudo iptables -t nat -L

It is Important to remove chained entries queued by default to "OUTPUT" route.

Rui F Ribeiro's user avatar
Rui F Ribeiro
58k28 gold badges156 silver badges239 bronze badges
answeredJul 20, 2018 at 8:32
Pavan Kate's user avatar

You mustlog in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.