Help getting iptables REDIRECT to work
Although no strictly a 'firewall' question, I expect the experts on
iptables are on this list.
I have Debian lenny.
$ uname -r
2.6.32.21-m64-mb1
I'm trying to get the following iptables command to work (response shown
on lines 2 & 3):
$ sudo iptables -v -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT
--to-port 8080
REDIRECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80 redir
ports 8080
iptables: No chain/target/match by that name
The system config checks I have run are:
$ cat /proc/sys/net/ipv4/ip_forward
1
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$ /sbin/lsmod
Module Size Used by
xt_tcpudp 2431 0
iptable_nat 4110 0
nf_nat 13465 1 iptable_nat
iptable_filter 1410 0
ip_tables 14618 2 iptable_nat,iptable_filter
x_tables 13916 3 xt_tcpudp,iptable_nat,ip_tables
ipv6 254105 16
nls_iso8859_15 4734 1
nls_cp850 4985 1
It looks as though I am missing a kernel module - one that would supply
the PREROUTING and REDIRECT chain targets. Is that what's wrong?
On a Ubuntu system the above command works OK.
On executing /sbin/lsmod on the Ubuntu system a module 'ipt_REDIRECT' is
listed - which would seem to be what I need on the Debian system.
I've looked in /lib/modules/2.6.32.21-m64-mb1/kernel/net/ ipv4/netfilter
It contains the following filters:
arptable_filter.ko
arpt_mangle.ko
iptable_filter.ko
iptable_nat.ko
ip_tables.ko
ipt_ah.ko
ipt_ECN.ko
ipt_MASQUERADE.ko
ipt_ULOG.ko
nf_nat.ko
arp_tables.ko
ip_queue.ko
iptable_mangle.ko
iptable_raw.ko
ipt_addrtype.ko
ipt_ecn.ko
ipt_LOG.ko
ipt_REJECT.ko
nf_nat_ftp.ko
nf_nat_sip.ko
Looks like there are several there related to ip tables, but not
(obviously) the one I need!
Can anyone tell me how to get REDIRECT working, or suggest further
diagnostics?
Reply to: