iptables port redirection

-A PREROUTING -p tcp -m tcp --dport 8443 -j DNAT --to-destination


I am connecting as follows; https://myserver.com:833
This is to reach a vm running an app on port 443. The host is already using 443 so I need to change the port going to the vm.

For some reason the above rule never works but one time. Meaning, when I connect to the vm (centos7, kvm), I can connect to its port 443 as it should be but once I click on anything else, my url is constantly changed back to http so I lose the connection until I change it back to https.

Dan Craciun (IT Consultant) Commented:
That's not the fault of iptables.

Look at the links you click and you'll see they're plain HTML links, starting with http://.

Solve the problem in your app and it will behave properly when accessed from outside.


I agree with Dan, this is not something that can be addressed with iptables.  Unless you update all your links to include the port at the end this will continue to happen.
projects (Author) Commented:
The app is sipxecs pbx, a very high quality app which I've used for almost 10 years now.
By default, it uses https so I'm not sure what you are both talking about.

If it uses https by default it was designed to operate on port 443.

If you have two web servers on one host that both need 443, maybe you can fix it with an apache configuration?  Or maybe the other app/service is able to use a different port.
Dan Craciun (IT Consultant) Commented:
To see what we're both talking about, hover your mouse over the links.
If they don't have "https" in front then someone disabled https on the pbx.
projects (Author) Commented:
I'm the only dev on these servers. Yes, it's all https on the vm, always has been.
Used to be port 8443 but it was changed to standard 443 long ago.

The kvm host is already using port 443 and I cannot change that so have to port forward to the vms.
All other vms work just fine, port forwarding is, for example, port 8080 to 80 and 8181 to 80 to their respective vms.

That's why this problem is a weird one and why I posted asking for help.
Dan Craciun (IT Consultant) Commented:
Unless you have plain http links or a redirect in .htaccess, all the site will be https and will work on port 443.

Anyway, to convince yourself that iptables works as it should, activate logging and watch the log to see if it blocks anything.
projects (Author) Commented:
I used;
watch -n1 iptables -vnL

It isn't blocking anything that I can tell but the url changes in the browser. I tried multiple browsers to see if it was a browser issue.

I don't think this is an iptables issue at this point.
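An added example, not part of the original thread: one way to check the diagnosis given above, that the app behind the DNAT rule hands back redirects or links whose scheme or port differs from the forwarded one. The function name, the sample paths and the sample response are constructed for illustration; the external port 8443 is taken from the rule in the question.

```python
import re
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port), filling in the scheme's default port."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def find_escaping_urls(external_url, location=None, body=""):
    """List same-host URLs in a response that leave the forwarded scheme/port.

    external_url: URL typed in the browser (the port the host forwards via DNAT).
    location:     value of a Location redirect header, if the response has one.
    body:         HTML body, scanned for href/src/action attributes.
    """
    want = origin(external_url)
    candidates = [("Location", location)] if location else []
    pattern = r'\b(href|src|action)\s*=\s*["\']([^"\']+)["\']'
    for attr, value in re.findall(pattern, body, re.I):
        candidates.append((attr.lower(), value))
    findings = []
    for source, raw in candidates:
        # Relative URLs resolve against external_url and keep its scheme and port.
        got = origin(urljoin(external_url, raw))
        if got[0] not in DEFAULT_PORTS or got[1] != want[1]:
            continue  # mailto:, javascript:, or a link to another host
        if got != want:
            reason = "scheme changed" if got[0] != want[0] else "port dropped/changed"
            findings.append((source, raw, reason))
    return findings

# Constructed sample: what a backend that believes it is on 443 might send back.
EXTERNAL = "https://myserver.com:8443/"
SAMPLE_LOCATION = "http://myserver.com/app/home"
SAMPLE_BODY = """
<a href="/app/users">Users</a>
<a href="https://myserver.com/app/settings">Settings</a>
<form action="http://myserver.com:8443/login"></form>
<a href="https://example.org/docs">Docs</a>
"""

if __name__ == "__main__":
    for source, raw, reason in find_escaping_urls(EXTERNAL, SAMPLE_LOCATION, SAMPLE_BODY):
        print(f"{source:8} {raw:40} {reason}")
```

Any finding means the browser is being sent to a URL the forwarding rule does not cover, which matches the symptom of the first page loading and later clicks failing.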