#1 2011-09-05 05:22:04

Cilph
Member
Registered: 2011-05-01
Posts: 29

[Solved?] iptables port redirection.

Hello all, I've set up a virtual machine via VirtualBox (both host/guest are Arch x64) as a small development webserver. The VM is connected via NAT and has ports forwarded to the host for SSH and HTTP. HTTP has been linked to the host's 8080 but I would like to redirect this to the host's 80 via iptables, as assigning it to 80 directly needs root privileges on the VM.

So: VM port 80 -> Host port 8080 -> Iptables -> Host port 80.

My iptables.rules is as follows:

# Generated by iptables-save v1.4.12 on Mon Sep  5 06:25:32 2011
*filter
:INPUT ACCEPT [40:2890]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:2579]
-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Mon Sep  5 06:25:32 2011
# Generated by iptables-save v1.4.12 on Mon Sep  5 06:25:32 2011
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:718]
:POSTROUTING ACCEPT [2:718]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
# Completed on Mon Sep  5 06:25:32 2011

The result, however, is a Connection Refused on any connection attempt on port 80. The original VirtualBox port 8080 works as intended. Any help?

[sander@LP-Sander-Arch ~]$ wget localhost:80
--2011-09-05 07:23:24--  http://localhost/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:80... failed: Connection refused.
Connecting to localhost|127.0.0.1|:80... failed: Connection refused.
[sander@LP-Sander-Arch ~]$ wget localhost:8080
--2011-09-05 07:23:41--  http://localhost:8080/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:8080... failed: Connection refused.
Connecting to localhost|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12 [text/html]
Saving to: `index.html.26'

100%[======================================>] 12          --.-K/s   in 0.009s  

2011-09-05 07:23:41 (1.35 KB/s) - `index.html.26' saved [12/12]

Last edited by Cilph (2011-09-05 10:20:02)


#2 2011-09-05 09:15:42

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: [Solved?] iptables port redirection.

On the host...

iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to x.x.x.x:8080

Where x.x.x.x is the "internal" address of the VM guest, which I'm guessing is something in the 10.0.2.0 range:

http://www.virtualbox.org/manual/ch06.html#network_nat wrote:

....the first card is connected to the private network 10.0.2.0, the second card to the network 10.0.3.0 and so on.


#3 2011-09-05 09:27:57

Cilph
Member
Registered: 2011-05-01
Posts: 29

Re: [Solved?] iptables port redirection.

fukawi2 wrote:

On the host...

iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to x.x.x.x:8080

Where x.x.x.x is the "internal" address of the VM guest, which I'm guessing is something in the 10.0.2.0 range:

http://www.virtualbox.org/manual/ch06.html#network_nat wrote:

....the first card is connected to the private network 10.0.2.0, the second card to the network 10.0.3.0 and so on.

This seems to be from the VM's perspective. In NAT mode the only way for the outside to communicate with the VM is via port forwarding. There is no IP I can access it with from the host. The rule you gave me seems to add nothing to what I already have. (and doesn't work for me)

EDIT: Okay! I've learned that the PREROUTING does not apply to the loopback interface so I added

-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

and now it works on my loopback interface. It doesn't work for people outside my network yet but I feel this is for different reasons, such as my ISP blocking port 80.

Last edited by Cilph (2011-09-05 10:11:23)
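
Added example (not part of the thread and not any poster's code): a small Python check that reads an iptables-save dump and reports, for one destination port, whether a nat REDIRECT covers connections arriving from the network (PREROUTING) and connections opened on the host itself (OUTPUT), which is the gap found in the last post. The function names are hypothetical, and the sample dump is constructed from the nat rules quoted in the thread.

```python
import shlex

# Constructed input: the *nat section posted in the thread (iptables-save format).
POSTED = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [2:718]
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING -i lo -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
"""
# Same dump with the OUTPUT rule from the last post inserted before COMMIT.
FIXED = POSTED.replace(
    "COMMIT",
    "-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080\nCOMMIT")


def nat_redirects(dump):
    """Return [(chain, iface, dport, to_port)] for REDIRECT rules in *nat."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]                      # "*nat", "*filter", ...
        elif table == "nat" and line.startswith("-A "):
            tok = shlex.split(line)
            # Map each option to the token that follows it.
            opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            if opt.get("-j") == "REDIRECT":
                to = opt.get("--to-ports") or opt.get("--to-port")
                iface = opt.get("-i") or opt.get("-o")
                rules.append((opt["-A"], iface, opt.get("--dport"), to))
    return rules


def coverage(dump, port):
    """Map connection origin ('remote', 'local') to the redirect target port."""
    seen = {"remote": None, "local": None}
    for chain, iface, dport, to in nat_redirects(dump):
        if dport != str(port):
            continue
        # Packets arriving from the network traverse nat PREROUTING; a rule
        # bound to "-i lo" there adds no coverage for them.
        if chain == "PREROUTING" and iface != "lo":
            seen["remote"] = to
        # Connections opened on the host itself traverse nat OUTPUT instead.
        elif chain == "OUTPUT" and iface in (None, "lo"):
            seen["local"] = to
    return seen


if __name__ == "__main__":
    print("posted:", coverage(POSTED, 80))
    print("fixed: ", coverage(FIXED, 80))
```
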
