Koozali.org: home of the SME Server

Putting iptable redirection in masq

stormdragon

« on: January 09, 2005, 06:41:48 PM »
Could anyone be so kind as to tell me what I should put under
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/
in order to accomplish the same as the following:

iptables -t nat -A PREROUTING -p tcp --dport 7080 -j REDIRECT --to-port 80

...or is there an easier way?

:)

go_jesse

« Reply #1 on: January 11, 2005, 10:03:09 PM »
there is probably a better way, but

at the console, add that rule
then do
iptables-save -t nat > myrules

then take a look at myrules and you can add the line you care about with the 7080 to templates-custom

PS let me know if it doesn't work, I didn't try this myself, but have used similar in the past.

Jesse

splunk

« Reply #2 on: July 01, 2005, 08:47:38 PM »
go_jesse, what template fragment would you recommend putting that in?

go_jesse

« Reply #3 on: July 04, 2005, 02:47:15 AM »
my advice from before was a little off, as the masq file is simply a command list, not an iptables rules file like iptables-save creates.

to do this kind of thing I installed the portforwarding plugin.

It isn't a real simple solution, but if you can figure out what table you want it in, I'd suggest that you modify either the original template in
/etc/e-smith/templates/etc/rc.d/init.d/masq

with the exact command you want, or put it in a file like /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/91adjustPortForwardLocal
making sure to choose a unique name for your file (and they are read in ASCIIbetical order to build the masq file) so that it doesn't accidentally replace something in /etc/e-smith/templates/etc/rc.d/init.d/masq

And I'd make sure to insert it before the default -j ACCEPT or whatever in the PREROUTING chain.

so my 91adjustPortForwardLocal file looks like (if you choose to do it without installing the plugin)

     /sbin/iptables -t nat -I PREROUTING 1 -p tcp --dport 7080 -j REDIRECT --to-port 80
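
The fragment naming rule described in Reply #3, as an added shell example that is not part of the thread or of SME Server's own tooling: it previews the order in which fragments would be read and refuses a fragment name that would replace an existing one. The function names `effective_fragments` and `add_fragment` are hypothetical, the stock fragment names in the demo are constructed, and the merge behaviour (ASCII order, same-name custom file replaces the stock one) is assumed from the post.

```shell
#!/bin/sh
# Added example: preview how masq template fragments merge before adding one.
# Assumption (from the post above): fragments are read in ASCII order, and a
# templates-custom file with the same name replaces the stock fragment.

# effective_fragments STOCK_DIR CUSTOM_DIR
# Prints "<name> <source>" per fragment in read order; source is
# stock, custom, or OVERRIDE (custom file replaces a stock one).
effective_fragments() {
    ef_stock=$1; ef_custom=$2
    for ef_dir in "$ef_stock" "$ef_custom"; do
        if [ -d "$ef_dir" ]; then ls -1 "$ef_dir"; fi
    done | LC_ALL=C sort -u | while read -r ef_name; do
        if [ ! -e "$ef_custom/$ef_name" ]; then echo "$ef_name stock"
        elif [ -e "$ef_stock/$ef_name" ]; then echo "$ef_name OVERRIDE"
        else echo "$ef_name custom"
        fi
    done
}

# add_fragment STOCK_DIR CUSTOM_DIR NAME COMMAND
# Writes COMMAND as a one-line fragment; refuses a NAME that would
# replace a stock fragment or overwrite an existing custom one.
add_fragment() {
    af_stock=$1; af_custom=$2; af_name=$3; af_cmd=$4
    if [ -e "$af_stock/$af_name" ] || [ -e "$af_custom/$af_name" ]; then
        echo "refusing: fragment '$af_name' already exists" >&2
        return 1
    fi
    mkdir -p "$af_custom" && printf '    %s\n' "$af_cmd" > "$af_custom/$af_name"
}

# Demo on a constructed tree; the stock fragment names are made up.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/templates" "$d/templates-custom"
    for f in 00header 90adjustPortForward 99footer; do
        echo "    # stock $f" > "$d/templates/$f"
    done
    add_fragment "$d/templates" "$d/templates-custom" 91adjustPortForwardLocal \
        '/sbin/iptables -t nat -I PREROUTING 1 -p tcp --dport 7080 -j REDIRECT --to-port 80'
    effective_fragments "$d/templates" "$d/templates-custom"
    rm -rf "$d"
}
demo
```

On the server itself the two directories would be /etc/e-smith/templates/etc/rc.d/init.d/masq and /etc/e-smith/templates-custom/etc/rc.d/init.d/masq; the script only previews names and order and does not rebuild the masq file.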