Help getting iptables REDIRECT to work

Wed, 20 Oct 2010 17:43:00 -0700 

Although no strictly a 'firewall' question, I expect the experts on
iptables are on this list.

I have Debian lenny.
$ uname -r 
2.6.32.21-m64-mb1

I'm trying to get the following iptables command to work (response shown
on lines 2 & 3):

$ sudo iptables -v -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT
--to-port 8080
REDIRECT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 tcp dpt:80 redir
ports 8080 
iptables: No chain/target/match by that name

The system config checks I have run are:
$ cat /proc/sys/net/ipv4/ip_forward
1


$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

$ /sbin/lsmod
Module Size Used by
xt_tcpudp       2431 0 
iptable_nat     4110 0 
nf_nat          13465 1 iptable_nat
iptable_filter  1410 0 
ip_tables       14618 2 iptable_nat,iptable_filter
x_tables        13916 3 xt_tcpudp,iptable_nat,ip_tables
ipv6            254105 16 
nls_iso8859_15  4734 1 
nls_cp850       4985 1 


It looks as though I am missing a kernel module - one that would supply
the PREROUTING and REDIRECT chain targets. Is that what's wrong? 

On a Ubuntu system the above command works OK.

On executing /sbin/lsmod on the Ubuntu system a module 'ipt_REDIRECT' is
listed - which would seem to be what I need on the Debian system.

I've looked in /lib/modules/2.6.32.21-m64-mb1/kernel/net/ ipv4/netfilter

It contains the following filters:
arptable_filter.ko
arpt_mangle.ko 
iptable_filter.ko 
iptable_nat.ko 
ip_tables.ko 
ipt_ah.ko 
ipt_ECN.ko 
ipt_MASQUERADE.ko 
ipt_ULOG.ko 
nf_nat.ko
arp_tables.ko 
ip_queue.ko 
iptable_mangle.ko 
iptable_raw.ko 
ipt_addrtype.ko 
ipt_ecn.ko 
ipt_LOG.ko 
ipt_REJECT.ko 
nf_nat_ftp.ko 
nf_nat_sip.ko

Looks like there are several there related to ip tables, but not
(obviously) the one I need!

Can anyone tell me how to get REDIRECT working, or suggest further
diagnostics?




-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/1287621193.1312.463.ca...@nangpa

Reply via email to