[Firehol-support] Port forwarding using dnat and traffic from localhost

Phil Whineray phil at sanewall.org
Wed Jun 4 20:13:21 BST 2014


On Wed, Jun 04, 2014 at 08:57:57AM +0200, Silvio Bierman wrote:
> >  # Redirect $ip:80 to port 8080, when generated on local machine
> >  iptables -t nat -A OUTPUT -d $ip -p tcp --dport 80 -j REDIRECT --to-port 8080
> >
> > Add this too, if you want http://localhost:80/ to also redirect:
> >
> >  # Redirect port 80 to port 8080, when using loopback interface
> >  iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
> Thank you Phil,
> 
> This works great, thank you.
> 
> I have entered these commands manually logged in as root. Is this
> something I could do from the firehol.conf line? If so, would these
> redirects also be removed from iptables if I stop the firehol
> service?

Yes, you should just be able to include these as-is within the firehol.conf;
they invoke the iptables helper (http://firehol.org/manual/firehol-iptables/)
rather than iptables directly, so the rules are kept in the finished
firewall.

Also, yes, if you run "firehol stop", these rules will get cleared at
the same time as any others.

Cheers
Phil


