[Firehol-support] Port forwarding using dnat and traffic from localhost

Silvio Bierman sbierman at jambo-software.com
Thu Jun 5 07:50:14 BST 2014

On 06/04/2014 09:13 PM, Phil Whineray wrote:
> On Wed, Jun 04, 2014 at 08:57:57AM +0200, Silvio Bierman wrote:
>>>   # Redirect $ip:80 to port 8080, when generated on local machine
>>>   iptables -t nat -A OUTPUT -d $ip -p tcp --dport 80 -j REDIRECT --to-port 8080
>>> Add this too, if you want http://localhost:80/ to also redirect:
>>>   # Redirect port 80 to port 8080, when using loopback interface
>>>   iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
>> Thank you Phil,
>> This works great, thank you.
>> I have entered these commands manually logged in as root. Is this
>> something I could do from the firehol.conf line? If so, would these
>> redirects also be removed from iptables if I stop the firehol
>> service?
> Yes, you should just be able to include these as-is within the firehol.conf;
> they invoke the iptables helper (http://firehol.org/manual/firehol-iptables/)
> rather than iptables directly, so the rules are kept in the finished
> firewall.
> Also, yes, if you run "firehol stop", these rules will get cleared at
> the same time as any others.
> Cheers
> Phils
Great Phil,

Thank you very much. You have helped me to an elegant solution for a 
problem I have been struggling with for a couple of years now.



More information about the Firehol-support mailing list