
I have an Ubuntu web server that uses iptables PREROUTING to forward port 80 to 8000.

So the web process listens on port 8000. Now I want to make a curl from the same server to a web application running on it. But this issues a Connection refused:

$ curl http://my.webite.com/on/same/server
curl: (7) Failed connect to my.webite.com:80; Connection refused

curl-ing on port 8000 works (but it must work on port 80).

I also made sure that the web server listens on all interfaces (not only on the physical one):

$ netstat -ntl | grep LISTEN
...
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN
...

The domain of my app (my.webite.com) also resolves to the physical interface IP.

Why do I get the Connection refused?

Gabriel Petrovay

1 Answer


The PREROUTING chain doesn't apply to local (loopback) traffic. You will need a redirect rule in the OUTPUT chain for it to work on the local system.

For example:

# Redirect locally generated connections to port 80 (leaving via lo) to port 8000
iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8000
Andrew Schulman
Gene
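
A check for the gap described in the answer above, as an added example that is not part of the original question or answer: it reads `iptables-save` output and lists TCP ports that are redirected in nat PREROUTING but have no matching redirect in nat OUTPUT. The function names, the sample ruleset and the 443/8443 rules are constructed for illustration; the check compares only port pairs and ignores interface and address matches.

```shell
#!/bin/sh
# Added example: find REDIRECTs that exist for remote clients (nat PREROUTING)
# but not for local clients (nat OUTPUT), the cause of "Connection refused"
# when connecting to port 80 from the server itself.

# Constructed sample in iptables-save format (not from the original post).
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8000
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -o lo -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
EOF
}

# Reads iptables-save output on stdin. Prints "dport->toport", one per line,
# for each PREROUTING redirect that has no OUTPUT rule with the same ports.
missing_local_redirects() {
  awk '
    /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
    table == "nat" && $1 == "-A" && /-j REDIRECT/ {
      dport = ""; to = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i ~ /^--to-ports?$/) to = $(i + 1)
      }
      if (dport == "" || to == "") next      # not a simple port redirect
      key = dport "->" to
      if ($2 == "PREROUTING" && !(key in pre)) { pre[key] = 1; order[++n] = key }
      if ($2 == "OUTPUT") out[key] = 1
    }
    END { for (i = 1; i <= n; i++) if (!(order[i] in out)) print order[i] }
  '
}

# On a live host (needs root): iptables-save -t nat | missing_local_redirects
sample_rules | missing_local_redirects   # prints: 80->8000
```
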