
Iptables

  • 12-06-2020 2:21pm
    #1
    Registered Users Posts: 10,665 ✭✭✭✭


    Disclaimer: I don't know a lot about iptables.

    I have a router on a network. The IP of the internet-facing router is 192.168.1.1. I've put my router on the network and gave it an address of 192.168.2.1. It's running DHCP.

    Connecting to the new router and trying to connect to the web works fine.

    What I wish to do is, rather than letting connections on that sub network (192.168.2.x) go to the internet, I wish instead to redirect them to another port on the 192.168.2.1 router.

    I know I can do this with a capture portal - which I have also set up. That's fine while the capture portal is running, but you can quit out of the capture portal and then access the web, which defeats the purpose.

    I set up a rule to reject anything going out to the internet-facing router and this works fine - but anything I try to redirect to another port doesn't.

    Googling says to try something like this

    iptables -t nat -A PREROUTING -p tcp -d 192.168.1.1 --dport 80 -j DNAT --to-destination 192.168.2.1:8080
    iptables -t nat -A POSTROUTING -j MASQUERADE

    ... and when I do iptables -t nat -L -n -v I get:

    Chain PREROUTING (policy ACCEPT 5 packets, 540 bytes)
    pkts bytes target         prot opt in    out   source          destination
       6   648 WANPREROUTING  all  --  *     *     0.0.0.0/0       192.168.1.17
       0     0 DROP           all  --  vlan2 *     0.0.0.0/0       192.168.2.0/24

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target         prot opt in    out   source          destination
      46  3018 MASQUERADE     all  --  *     vlan2 0.0.0.0/0       0.0.0.0/0
       1   328 SNAT           all  --  *     br0   192.168.2.0/24  192.168.2.0/24  to:192.168.2.1

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target         prot opt in    out   source          destination
       0     0 DNAT           tcp  --  *     *     0.0.0.0/0       192.168.1.1     tcp dpt:80 to:192.168.2.1:8080

    Chain WANPREROUTING (1 references)
    pkts bytes target         prot opt in    out   source          destination
       0     0 DNAT           icmp --  *     *     0.0.0.0/0       0.0.0.0/0       to:192.168.2.1


    ... which looks like it's saying that it would redirect any traffic to 192.168.2.1:8080.

    It doesn't though. Where am I going wrong?
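
An added example, not part of the original post: a POSIX shell/awk check that reads `iptables -t nat -L -n -v` output and reports, for each DNAT rule, the chain it sits in and whether its packet counter has moved. The nat OUTPUT chain only sees packets generated on the router itself, while traffic forwarded from LAN clients is translated in PREROUTING; the function names are hypothetical and the embedded sample is constructed from the listing in the post.

```shell
#!/bin/sh
# Added example: audit DNAT rules in a saved `iptables -t nat -L -n -v` listing.
# Constructed sample: PREROUTING, OUTPUT and WANPREROUTING as shown in the post.
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5 packets, 540 bytes)
pkts bytes target prot opt in out source destination
6 648 WANPREROUTING all -- * * 0.0.0.0/0 192.168.1.17
0 0 DROP all -- vlan2 * 0.0.0.0/0 192.168.2.0/24

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 192.168.1.1 tcp dpt:80 to:192.168.2.1:8080

Chain WANPREROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT icmp -- * * 0.0.0.0/0 0.0.0.0/0 to:192.168.2.1
EOF
}

# audit_dnat: listing on stdin, one line per DNAT rule on stdout:
#   chain pkts proto destination new-destination notes
audit_dnat() {
  awk '
    $1 == "Chain" { chain = $2; next }      # remember the chain we are inside
    $3 == "DNAT" {
      to = ""
      for (i = 10; i <= NF; i++) if ($i ~ /^to:/) to = substr($i, 4)
      if ($1 == 0) note = "never-matched"; else note = "matched"
      # nat OUTPUT is traversed only by packets the router itself originates
      if (chain == "OUTPUT") note = note ",local-traffic-only"
      print chain, $1, $4, $9, to, note
    }'
}

# prerouting_tcp_dnat: count tcp DNAT rules placed directly in PREROUTING
# (jumps into user-defined chains such as WANPREROUTING are not followed).
prerouting_tcp_dnat() {
  awk '$1 == "Chain" { chain = $2; next }
       chain == "PREROUTING" && $3 == "DNAT" && $4 == "tcp" { n++ }
       END { print n + 0 }'
}

sample_listing | audit_dnat
echo "tcp DNAT rules in PREROUTING: $(sample_listing | prerouting_tcp_dnat)"
```

On a live router the same functions can be fed with `iptables -t nat -L -n -v | audit_dnat`.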

