Iptables output redirect quest

I have an application that sends output out on a sample port which must be redirected at the server level back to a second port in order for the application to process the information correctly.

For example, we will use:
IP:  172.80.4.155
Redirect from: 443
Redirect to: 8443
2nd IP:  172.80.4.156

I have the following rule which works fine running by itself, but I need to introduce a second IP into the system and each IP needs to redirect their output back to themselves on the new port.

/sbin/iptables -t nat -A OUTPUT -j REDIRECT -p tcp -d 172.80.4.155/32 --dport 443 --to-ports 8443

/sbin/iptables -t nat -A OUTPUT -j REDIRECT -p tcp -d 172.80.4.156/32 --dport 443 --to-ports 8443

Does anyone know how I could accomplish this?  Using PREROUTING will not work as it isn't redirecting the output like the rule above does.  
xiaoyunwuAsked:
Who is Participating?
 
NopiusConnect With a Mentor Commented:
> each IP needs to redirect their output back to themselves on the new port.

according to manual page
'It redirects the packet to the machine itself by changing the  destination IP  to  the  primary  address  of  the  incoming  interface'

so that in modified IP packet, the source IP address will always be 172.80.4.155 regardless of original source IP.
Try to use DNAT instead:
/sbin/iptables -t nat -A OUTPUT  -p tcp -d 172.80.4.155/32 --dport 443 -j REDIRECT --to-destination :8443
/sbin/iptables -t nat -A OUTPUT  -p tcp -d 172.80.4.156/32 --dport 443 -j REDIRECT --to-destination :8443

P.S. '-to-destination :8443' is not misspelled (without IP), use it as is :-)
0
 
xiaoyunwuAuthor Commented:
What version of iptables are you using?  I'm using 1.3.5 and it doesn't support the --to-destination flag.  This is for a Java based application run under Tomcat that posts information back to itself which is why I need to redirect the output to port 8443.  I am already NAT'ing:
/sbin/iptables -t nat -A PREROUTING -p tcp -d 172.80.4.155 --dport 443 -j DNAT --to 172.80.4.155:8443
/sbin/iptables -t nat -A PREROUTING -p tcp -d 172.80.4.156 --dport 443 -j DNAT --to 172.80.4.156:8443

But this won't handle redirecting the output back to itself. I need to find a way to redirect the output in a similar manner to the rules above.

/sbin/iptables -t nat -A OUTPUT  -p tcp -d 172.80.4.155/32 --dport 443 -j REDIRECT --to-destination :8443
iptables v1.3.5: Unknown arg `--to-destination'
Try `iptables -h' or 'iptables --help' for more information.


Do you have any other ideas?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.