digininja Posted December 21, 2012

I've got the following iptables rule

[CODE]iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8008[/CODE]

and I need it to ignore requests where the destination is either localhost or the IP of the local machine. I know it can be done but to save me digging out my iptables references can anyone give me the answer?

Sitwon Posted December 22, 2012

[CODE]iptables -t nat -A PREROUTING -p tcp --destination-port 80 ! -d 127.0.0.1 ! -d <local-IP> -j REDIRECT --to-port 8080[/CODE]

Edited December 22, 2012 by Sitwon

Whistle Master Posted December 22, 2012

multiple -d flags not allowed ;) However,

[CODE]-d <local-IP>[/CODE]

only should work

Edited December 22, 2012 by Whistle Master

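The exclusion asked about in the first post, written with one RETURN rule per destination instead of repeated -d flags. This is an added example, not part of any post in the thread; the chain name HTTP_REDIRECT and the address 192.0.2.10 are constructed placeholders, and it assumes the traffic is routed so that it traverses nat PREROUTING:

```shell
#!/bin/sh
# Added example: prints the rules for review instead of applying them.
CHAIN=HTTP_REDIRECT   # hypothetical chain name, not from the thread

# Succeeds only for a dotted quad whose octets are all 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a TCP port number 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules FROM_PORT TO_PORT EXCLUDED_ADDR...
# Validates everything first, so nothing is printed for bad input.
redirect_rules() {
    from_port=$1; to_port=$2; shift 2
    is_port "$from_port" && is_port "$to_port" || { echo "bad port" >&2; return 1; }
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    echo "iptables -t nat -N $CHAIN"
    # One rule per excluded destination: RETURN leaves the chain untouched.
    for addr in "$@"; do
        echo "iptables -t nat -A $CHAIN -d $addr -j RETURN"
    done
    # Anything still in the chain is redirected to the local proxy port.
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-ports $to_port"
    # Hook the chain last, so it is complete before traffic reaches it.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $from_port -j $CHAIN"
}

# Constructed sample values: 192.0.2.10 stands in for <local-IP>.
redirect_rules 80 8008 127.0.0.1 192.0.2.10
```
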
digininja (Author) Posted December 23, 2012

So, looks like I got the wrong rule anyway, that one doesn't work.

What I'm doing is trying to set up the Pineapple to pass all HTTP traffic that goes through it through my proxy. When I access port 80 on the Pineapple from a client the rule works, but when I access web traffic through it, it doesn't.

What do I need to do to modify traffic going over the bridge?

GuardMoony Posted December 26, 2012

Did you use the correct port numbers?

[CODE]iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8008[/CODE]

[CODE]iptables -t nat -A PREROUTING -p tcp --destination-port 80 ! -d 127.0.0.1 ! -d <local-IP> -j REDIRECT --to-port 8080[/CODE]

You said port 8008 and Sitwon said 8080 (which is mostly used)

ShadowBlade72 Posted January 5, 2013

I haven't been able to test this yet, but could give it a run and see if it works for you. I used DNAT because it gives you more flexibility on where you want to send the traffic. Not sure if it'd make a difference or not.

[CODE]iptables -t nat -A PREROUTING -p tcp --dport 80 ! -d <local-IP> -j DNAT --to 172.16.42.1:8080[/CODE]

Hope this helps!

Edited January 5, 2013 by ShadowBlade72

digininja (Author) Posted January 5, 2013

I'll give it a try but I think the problem is that iptables doesn't touch bridge traffic as it doesn't get high enough up the network stack. I'm going to try ebtables as well.

GuardMoony Posted January 9, 2013

Yeah, it's true. Bridging is lower on the stack, because you stay within the same IP range. NAT is only used on cross IP range (routing).

Glad you figured it out :)

digininja (Author) Posted January 9, 2013

I've not had chance to prove what I think will work yet, been too busy, but do intend to get back to it.