APF / iptables port forward

Fr3d · May 17, 2006, 10:09am

This is probably a simple question with an equally simple answer, but I coulnd’t find anything useful on google…

Is it possible to create a rule in APF or iptables that can forward port X on an IP to port Y on the same IP?

Thanks

system · May 17, 2006, 10:48am

Hi Fr3d-

According to Socheat, port forwarding is not possible with APF. However, APF simply sits on top of and manipulates iptables, in which port forwarding is certainly possible. Here is a how to on setting up port forwarding in iptables.
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/forwarders.html

–Dustin

system · May 17, 2006, 11:34am

Dustin is right but you also should hack the apf.rules or modify the init.d apf script to add yours which contains the rules for ip masquerade

Every time APF is stoped and restarted it flushs the iptables rules then load it rules. So if you just manualy add your rule in iptable they’ll be lost every time APF is restarded (and it is every days)

In fact I have just check the APF dir and you have a postroute.rules which might contains your own rules. (maybe check this in the apf forum or at other place as I didn’t set up and I’m not sure at 100% it works. The best could be to check in main.rules where and how the postroute.rules and/or the preroute.rules are loaded)

Hope it helps

Pascal

Fr3d · May 17, 2006, 1:18pm

Thanks Dustin and pascal, I’ll look into it

system · May 20, 2006, 12:05pm

Hello Fr3d, I have the following rule directly at file /etc/apf/firewall that forwards port 666 to 80, on an Interworx-CP server. Purpose is using that port (666) for a custom download program that aims to avoid proxy-caches, and it just works fine. Hope it helps.

redirects incoming traffic on port 666 to 80

$IPT -t nat -A PREROUTING -p tcp --dport 666 -i eth0 -j REDIRECT --to-port 80

Regards,

Fr3d · May 20, 2006, 4:11pm

Nice one juangake, I’ll try it