
I am trying to set up a redirect from 443 to 8443 (a non-root app cannot use a privileged port) using the following:

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

However, when trying to connect on 443 (via localhost), I am getting a 'connection refused'. 8443 is open and functioning. I assume a 'connection refused' issue precludes response packets being dropped, as that would result in a timeout.

No other rules exist for filter, nat, mangle, or raw.

Distribution information:

# rpm -q iptables
iptables-1.3.5-9.1.el5
# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.8 (Tikanga)
Ben
  • Found the answer [here](http://serverfault.com/questions/211536/iptables-port-redirect-not-working-for-localhost). I needed to add a separate rule for loopback to work: `iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443` – Ben Jan 15 '13 at 23:22
  • 3
    This should be an answer, not a comment. – Michael Hampton Jan 15 '13 at 23:26
  • Thanks for the tip, but as I am not yet privileged enough to answer my own questions in a timely manner, a comment will have to suffice. – Ben Jan 16 '13 at 03:31

1 Answer


PREROUTING is for NATting packets before they are routed. Locally-generated packets are OUTPUTted, not routed. So use the OUTPUT chain.

David Schwartz
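The two rules together (the PREROUTING rule from the question and the OUTPUT rule from Ben's comment), wrapped in a script that installs them without duplicating them on re-runs. This is an added example, not code from the question or the answer; it assumes a recent iptables run as root (the `-C` check it uses is not in the 1.3.5 release shown above), and `IPT` and `DRY_RUN` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the question or answer above). Installs the
# 443 -> 8443 REDIRECT for both traffic paths:
#   PREROUTING  packets arriving on a network interface
#   OUTPUT      packets generated on this host (the localhost test in the question)
# Assumes iptables with the nat table, run as root. IPT and DRY_RUN are
# names chosen here: IPT selects the binary, DRY_RUN=1 only prints commands.
set -eu

IPT=${IPT:-iptables}
DRY_RUN=${DRY_RUN:-0}

# Print one "CHAIN rule-spec" line per rule for redirecting TCP port $1 to $2.
# The OUTPUT rule matches only 127.0.0.1, as in Ben's comment; connections
# from this host to one of its other addresses also traverse OUTPUT and
# would need their own match.
redirect_rule_specs() {
  from=$1; to=$2
  printf 'PREROUTING -p tcp --dport %s -j REDIRECT --to-ports %s\n' "$from" "$to"
  printf 'OUTPUT -p tcp -d 127.0.0.1 --dport %s -j REDIRECT --to-ports %s\n' "$from" "$to"
}

# Add each rule only if it is not already present (-C checks for a matching
# rule), so re-running the script never duplicates rules. REDIRECT only
# rewrites the destination port: the filter table then sees dport $2, so an
# INPUT policy must allow 8443, not just 443.
apply_redirect() {
  redirect_rule_specs "$1" "$2" | while read -r chain spec; do
    # $spec is deliberately unquoted so it splits into separate arguments
    if [ "$DRY_RUN" = 1 ]; then
      echo "$IPT -t nat -A $chain $spec"
    elif ! "$IPT" -t nat -C "$chain" $spec 2>/dev/null; then
      "$IPT" -t nat -A "$chain" $spec
    fi
  done
}

# Usage: ./redirect.sh 443 8443   (or DRY_RUN=1 ./redirect.sh 443 8443)
if [ $# -eq 2 ]; then
  apply_redirect "$1" "$2"
fi
```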