[Bug 429] -j REDIRECT does not appear to work correctly

bugzilla-daemon at bugzilla.netfilter.org bugzilla-daemon at bugzilla.netfilter.org
Thu Feb 23 06:50:13 CET 2006


https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=429





------- Additional Comments From James.Schatzman at futurelabusa.com  2006-02-23 06:50 MET -------
For reference, here is the iptables -t nat -nvL output with dnat:
Chain OUTPUT (policy ACCEPT 15919 packets, 1049K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:80 to:216.152.242.200:9080
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:443 to:216.152.242.200:9443
   60  3600 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.192/28  tcp dpt:80 redir ports 8080
   51  3060 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.192/28  tcp dpt:443 redir ports 8443

Chain POSTROUTING (policy ACCEPT 16030 packets, 1055K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain PREROUTING (policy ACCEPT 46112 packets, 2555K bytes)
 pkts bytes target     prot opt in     out     source               destination
 6150  329K DNAT       tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:80 to:216.152.242.200:9080
 3933  219K DNAT       tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:443 to:216.152.242.200:9443
 2255  127K REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080
    3   144 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 redir ports 8443



Here is the result after reconfiguring iptables to use REDIRECT, rebooting and
attempting to connect to the special IP on port 80. Keep in mind that this is a
working server so there is other traffic....


Chain OUTPUT (policy ACCEPT 39 packets, 3592 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:80 redir ports 9080
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:443 redir ports 9443
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.192/28  tcp dpt:80 redir ports 8080
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.192/28  tcp dpt:443 redir ports 8443

Chain POSTROUTING (policy ACCEPT 39 packets, 3592 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain PREROUTING (policy ACCEPT 216 packets, 69034 bytes)
 pkts bytes target     prot opt in     out     source               destination
   81  4196 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:80 redir ports 9080
   48 23221 REDIRECT   tcp  --  *      *       0.0.0.0/0            216.152.242.200     tcp dpt:443 redir ports 9443
    3   180 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080
    0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 redir ports 8443



All this looks normal to me. However, the dnat configuration works as I expected
whereas the REDIRECT does not. I am still puzzled.


