[英]Can't get nftables to redirect port 80 to 8080
我已經嘗試設置我的服務器,因此它將端口80的流量重定向到端口8080,但它不起作用。 (如果我telnet到端口80,並且“無法連接”與firefox,我會收到“Connection refused”錯誤。)
我已經能夠使用iptables讓它工作,但更喜歡使用nftables。 有誰知道問題可能是什么? (如果它是相關的,服務器在linode.com上運行,內核由linode提供。)
我在/etc/nftables.conf中有以下內容:
#!/usr/sbin/nft -f
flush ruleset
table ip fw {
chain in {
type filter hook input priority 0;
# accept any localhost traffic
iif lo accept
# accept traffic originated from us
ct state established,related accept
# accept ssh, alternative http
tcp dport { ssh, http, http-alt } ct state new counter accept
counter drop
}
}
table ip nat {
chain prerouting {
type nat hook prerouting priority 0;
tcp dport http redirect to http-alt
}
chain postrouting {
type nat hook postrouting priority 0;
}
}
你的意思是table inet filter而不是table ip fw ?
如果是這樣,我有類似的問題。 將ip nat prerouting優先級更改為-101使其正常工作,但我不確定原因。 它可能與NF_IP_PRI_NAT_DST(-100)的默認優先級相關:目標NAT 。 似乎唯一有效的范圍是-101到-200。
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0;
counter
# accept any localhost traffic
iif lo accept
# accept traffic originated from us
ct state {established,related} accept
# activate the following line to accept common local services
tcp dport { 22, 80, 443, 9443 } ct state new accept
# accept neighbour discovery otherwise IPv6 connectivity breaks.
ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
# count and drop any other traffic
counter drop
}
}
table ip nat {
chain input {
type nat hook input priority 0;
counter
}
chain prerouting {
type nat hook prerouting priority -101;
counter
tcp dport 443 counter redirect to 9443
}
chain postrouting {
type nat hook postrouting priority 0;
counter
}
}
通過counter規則可以輕松查看鏈條是否被處理; 計數器值可以通過nft list ruleset看到。
如果您僅在localhost上路由,請嘗試使用
table ip nat {
chain output {
type nat hook output priority 0;
tcp dport http redirect to http-alt
}
}
幾年前我讀了iptables,循環設備上的數據包不會遍歷預路由鏈,而是通過輸出鏈。 那是我的問題。
服務器監聽localhost:8080,Apache仍然可以監聽端口80嗎?
[英]Server listening to localhost:8080 can Apache still listen to port 80?
如何grep監聽端口80,也可以過濾其他端口包含80如8080 8088 ...?
[英]how to grep listening on port 80 that can also filter other port contain 80 such as 8080 8088 …?
Apache端口將80轉發到8080,並訪問同時托管在Apache(80)中的應用程序,即phpMyadmin和Tomcat(8080)
[英]Apache Port forwarding 80 to 8080 and accessing applications hosted both in Apache (80), i.e phpMyadmin and Tomcat (8080)
即使沒有其他進程阻塞端口,Node.js 應用程序也無法在端口 80 上運行
[英]Node.js app can't run on port 80 even though there's no other process blocking the port
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.