On Sun, 2007-12-09 at 14:19 -0600, Les Mikesell wrote:
> Craig White wrote:
> >>
> >> iptables -t nat -A PREROUTING -p tcp -d 192.168.3.8 --dport 445 \
> >> -j REDIRECT --to-ports 1445
> >> iptables -t nat -A OUTPUT -p tcp -d 192.168.3.8 --dport 445 \
> >> -j REDIRECT --to-ports 1445
> > ----
> > the thing I can't figure out is why they don't show up...
> > # iptables -L
> > Chain INPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain FORWARD (policy ACCEPT)
> > target prot opt source destination
> >
> > Chain OUTPUT (policy ACCEPT)
> > target prot opt source destination
> >
> > even though, I just executed...
>
> You need to explicitly list the nat table:
>
> iptables --list -t nat
----
OK - cool, they're there (line wrapping certain to occur but I'm not
gonna fix it)

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp dpt:microsoft-ds redir ports 1445
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp dpt:netbios-ssn redir ports 1139
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp dpt:netbios-ns redir ports 1137
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp dpt:netbios-dgm redir ports 1138

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp dpt:microsoft-ds redir ports 1445
REDIRECT tcp -- anywhere alfresco.tobyhouse.com tcp dpt:netbios-ssn redir ports 1139
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp dpt:netbios-dgm redir ports 1138
REDIRECT udp -- anywhere alfresco.tobyhouse.com udp dpt:netbios-ns redir ports 1137
----
> >
> > -A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT
> > --to-ports 1139
> > -A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT
> > --to-ports 1139
> >
>
> > At any rate, this hasn't changed anything ;-(
> >
> I don't think you need the '-m udp/tcp' entries but I'm not sure if they
> hurt anything.
----
I really didn't, I just did an 'service iptables save' and then listed
the output of /etc/sysconfig/iptables just to see what rules were in
place. Evidently, when you save the current rule set by 'service
iptables save', it added the -m tcp/udp designations.

Craig
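
An added example, not part of the original message: because `iptables -L` prints only the filter table, an audit that stops there misses NAT redirects like the ones in this thread. The functions below read rules in the iptables-save format (the format of /etc/sysconfig/iptables) and report every table; the function names and the sample ruleset are constructed for illustration.

```shell
# Constructed sample in iptables-save format, modelled on the rules quoted
# in the thread (not a dump from the poster's machine).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A PREROUTING -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
-A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A OUTPUT -d 192.168.3.8 -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Count appended rules per table, in the order the tables appear.
# An empty filter table next to a populated nat table is exactly the
# situation that made the rules "not show up" under plain iptables -L.
rules_per_table() {
  awk '
    /^\*/  { table = substr($0, 2); order[++n] = table; next }
    /^-A / { count[table]++ }
    END    { for (i = 1; i <= n; i++) printf "%s=%d\n", order[i], count[order[i]] }
  '
}

# List every REDIRECT rule as: table chain proto dport->to-port
list_redirects() {
  awk '
    /^\*/ { table = substr($0, 2); next }
    /^-A / && / -j REDIRECT / {
      chain = $2; proto = dport = to = "?"
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--to-ports") to = $(i + 1)
      }
      printf "%s %s %s %s->%s\n", table, chain, proto, dport, to
    }
  '
}
```

On a live host, run as root, the same functions can read from `iptables-save` instead of the sample, for example `iptables-save | list_redirects`.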