iptables REDIRECT works locally but not from outside
by ario from LinuxQuestions.org on (#6JYJ3)
Hi Folks,
I have a server that can only listen to port 23006
I want it to be publicly accessible. But only on port 443 (https).
I have sysctl set up:
Code:
$ sudo sysctl --system
* Applying /usr/lib/sysctl.d/50-pid-max.conf ...
* Applying /usr/lib/sysctl.d/99-protect-links.conf ...
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.conf ...
kernel.pid_max = 4194304
fs.protected_fifos = 1
fs.protected_hardlinks = 1
fs.protected_regular = 2
fs.protected_symlinks = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.route_localnet = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.route_localnet = 1

If I run another test server to listen on port 443 it works and can respond to requests.
If I run curl on port 23006 my actual server responds:
Code:
$ curl 127.0.0.1:23006
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.24.0</center>
</body>
</html>

If I run this iptables command:
Code:
sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 23006

then I can also access my server through port 443 but ONLY from local:
Code:
$ curl 127.0.0.1:443

The problem is: I cannot access my server from outside. Please help. Thanks in advance.
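An added example, not code from the post or the thread: a small POSIX sh audit that reads a nat-table dump in the format `iptables -t nat -S` prints and reports whether only the OUTPUT-chain rule from the post is present. Packets arriving from the network never traverse nat OUTPUT (that chain sees locally generated traffic only); they traverse nat PREROUTING, so the external path needs its own rule. The rule dumps below are constructed; the port numbers are the post's.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a nat-table dump in the
# format `sudo iptables -t nat -S` prints and reports which of the two
# REDIRECT rules for 443 -> 23006 are present:
#   nat OUTPUT      only locally generated packets (curl 127.0.0.1:443)
#   nat PREROUTING  packets arriving from the network (the missing piece)
# Note: REDIRECT rewrites the destination to the primary address of the
# incoming interface, so the service must listen on that address as well;
# if it binds only 127.0.0.1, use DNAT --to-destination 127.0.0.1:23006
# instead (that is what net.ipv4.conf.all.route_localnet=1 is for).

# has_redirect CHAIN DPORT TOPORT RULES: returns 0 if RULES holds a tcp
# REDIRECT rule in CHAIN from DPORT to TOPORT, 1 otherwise.
has_redirect() {
    printf '%s\n' "$4" |
        grep -Eq -- "^-A $1 .*-p tcp .*--dport $2 .*-j REDIRECT --to-ports $3\$"
}

# nat_redirect_status RULES: prints one word and returns a matching code.
nat_redirect_status() {
    out=0; pre=0
    has_redirect OUTPUT 443 23006 "$1" && out=1
    has_redirect PREROUTING 443 23006 "$1" && pre=1
    case "$out$pre" in
        11) echo complete;      return 0 ;;   # reachable locally and externally
        10) echo local-only;    return 1 ;;   # the symptom described in the post
        01) echo external-only; return 2 ;;   # curl 127.0.0.1:443 would fail
        *)  echo none;          return 3 ;;
    esac
}

# Constructed dumps (not captured from a real host). The first is what the
# post's single command produces; the second adds the PREROUTING rule:
#   sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 23006
RULES_FROM_POST='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 23006'
RULES_FIXED="$RULES_FROM_POST
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 23006"

# Stand-alone demo; a real audit would substitute $(sudo iptables -t nat -S).
echo "post's rules: $(nat_redirect_status "$RULES_FROM_POST")"   # local-only
echo "with fix:     $(nat_redirect_status "$RULES_FIXED")"       # complete
```

If the filter table's INPUT chain is restrictive, the redirected packets also need an ACCEPT for tcp dport 23006 there, which this audit does not cover.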