Comments on: iptables Tips and Tricks – Port Redirection

By: iptables Tips and Tricks: APF (Advanced Policy Firewall) Configuration – SoftLayer Blog

Thu, 31 Jan 2013 15:09:12 +0000

[...] are used to make routing changes. If you have been following my articles, this corresponds to the iptables chains for PREROUTING and POSTROUTING where you would do things like port forwarding and other advanced configuration that you probably [...]

By: tensigh

tensigh — Wed, 03 Oct 2012 06:24:07 +0000

I’m new to iptables, but don’t you also need an “allow” rule in the forwarding chain to allow the packets to be delivered to the correct listening device?

By: evcz

evcz — Wed, 05 Sep 2012 10:04:02 +0000

you can achive the same results by using

redir ( http://linux.die.net/man/1/redir )
or
socat ( http://linux.die.net/man/1/socat )

without making use of ip_forward, NAT and masquerading

By: Mark Ridlen

Mark Ridlen — Wed, 04 Jan 2012 13:19:06 +0000

Good point Andrew, I had not considered that aspect.

Barry, I personally prefer to use just the built in iptables functionality, but there certainly is a lot to be said for CSF and APF. It also adds some intrusion detection functionality and some more advanced malicious packet filtering beyond what most people will implement. However, there is definitely merit to knowing how the iptables backend works, since something may go wrong and require a manual fix. The clock is always ticking in the hosting business.

By: Barry van Someren

Barry van Someren — Tue, 27 Dec 2011 09:24:01 +0000

Always good to see some helpful examples on IPTables.
I usually use a wrapper around IPTables like CSF (http://configserver.com/cp/csf.html) as it simplifies getting the security set up.

By: AndrewX192

AndrewX192 — Tue, 27 Dec 2011 07:05:50 +0000

This is also helpful when dealing with applications that need access to a port number less than 1024, that should not be run as root.