Pikachu2000
Guest
iptables, what a curmudgeon ye be.
I'm really at a loss for ideas here. The box in question is running Debian Squeeze, and here's the deal. I *had* an iptables port redirection rule that simply won't die for some reason. I'm really hoping someone can help me make it go away.
In the process of setting up an IRC server, I'm adding the webchat interface and running it as a non-privileged user, and as such, it couldn't bind port 80. I figured I'd just forward 80 to the webchat module on 1234, so I added a rule in iptables:
in directory: /etc/network/if-up.d/
Added file: firewall
Containing:
Code:
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Flush any existing firewall rules we might have
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Perform the rewriting magic.
# This rule lives in the nat table; plain `iptables -L` lists only the filter table.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to 1234
To make a long story short, forwarding the port worked, but caused issues resolving the connecting client's hostname properly. I removed the firewall file, and ran the following script to get rid of the forwarding. I then brought all interfaces down and up with ifdown -a and ifup -a.
Code:
#!/bin/sh
echo "Stopping firewall and allowing everyone..."
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Reset the built-in filter chains to accept everything
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
The port was still being forwarded, so I ran each command via CLI as root, and cycled the interfaces again. That didn't work either; port 80 is still being forwarded to 1234.
Both after running the script and after entering each command individually, iptables -L shows nothing:
Code:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I have not restarted the box yet. That's a last resort since this really shouldn't require it to be done, but I guess if I have to, I will.
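A check worth running before rebooting, added here as an example and not part of the original post: `iptables -L` with no `-t` only lists the filter table, so an empty listing says nothing about the nat table where the REDIRECT rule was added. `iptables-save` dumps every table in one go. The helper functions below parse that text format, so they can be fed either the live ruleset (`iptables-save | nat_redirects`, as root) or, as in the block, a constructed sample that reproduces the situation in the post: an empty filter table with ACCEPT policies and a surviving REDIRECT in nat. The sample is constructed for this example; `--to 1234` is shown in its canonical `--to-ports 1234` form, which is how `iptables-save` prints it.

```shell
#!/bin/sh
# Added example: locate port-redirection rules that a plain `iptables -L`
# (filter table only) will never show. Parses iptables-save text, so it runs
# against live output or against the constructed sample below.

# Print every rule in the nat table that jumps to REDIRECT or DNAT.
# Input: iptables-save output on stdin.
nat_redirects() {
    awk '
        /^\*/      { table = substr($0, 2) }        # "*nat", "*filter", ...
        /^COMMIT/  { table = "" }
        table == "nat" && /-j (REDIRECT|DNAT)/ { print }
    '
}

# Count rules per table, so an empty filter listing can be reconciled
# against what the other tables still hold.
rules_per_table() {
    awk '
        /^\*/   { table = substr($0, 2); n[table] = 0; next }
        /^-A /  { n[table]++ }
        END     { for (t in n) printf "%s %d\n", t, n[t] }
    ' | sort
}

# Constructed sample (not captured from the poster's box): filter table
# empty with ACCEPT policies, exactly what `iptables -L` showed, while the
# nat table still carries the REDIRECT.
SAMPLE='# Generated by iptables-save
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1234
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Stand-alone demo on the sample. Against a live system run, as root:
#   iptables-save | nat_redirects
echo "Rules per table:"
printf '%s\n' "$SAMPLE" | rules_per_table
echo "Redirect/DNAT rules in nat:"
printf '%s\n' "$SAMPLE" | nat_redirects
```

Two follow-ups if `iptables-save` shows the nat table really is empty. First, a NAT mapping is recorded in the connection-tracking entry when a connection starts and stays with that connection until it ends, so flushing the rules does not un-redirect connections that are already established; a browser's keep-alive connection will keep landing on 1234 until it is closed. `conntrack -L` (from the conntrack package) lists those entries and `conntrack -F` drops them. Second, anything else under /etc/network/if-up.d/ or /etc/network/if-pre-up.d/ that restores a saved ruleset will re-add the rule on every `ifup`, so grep those directories for `iptables` as well.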