I'm having an issue with iptables due to my very small amount of involvement with it.
I have a TOR exit relay set up and I'm trying to redirect all local and TOR traffic so that it exits my box on port 8080.
Currently I have it set as:
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
But this only seems to redirect transient traffic when I'm acting as a router rather than traffic originating from the box.
1 Answer
Not commenting on TOR as I don't have much knowledge.
But for the iptables goal, here it is. PREROUTING involves routing. When initiating a connection from the local system, you're not routing. You just have to use OUTPUT instead of, or in addition to, PREROUTING.
Scope of REDIRECT:
REDIRECT
This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It redirects the packet to the machine itself by changing the destination IP to the primary address of the incoming interface (locally-generated packets are mapped to the localhost address, 127.0.0.1 for IPv4 and ::1 for IPv6).
So:
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
EDIT:
To avoid a specific user or group being redirected (e.g. to avoid an infinite loop with the service on port 8080), you can do it like this (example for a service running with effective group tor) instead of the above:
iptables -t nat -N intercept
iptables -t nat -A OUTPUT -p tcp -m tcp --dport 80 -j intercept
iptables -t nat -A intercept -m owner --gid-owner tor -j RETURN
iptables -t nat -A intercept -p tcp -j REDIRECT --to-ports 8080
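The same rule set as the answer above, written as an added example (not code from the question or the answer) that emits the nat-table rules in iptables-restore format so they are loaded in one atomic step, and that refuses to load them unless the owner-based RETURN sits before the REDIRECT in the intercept chain, which is the ordering that keeps the listener on port 8080 out of the loop. The function names, the group name "tor", and the ports 80 and 8080 are assumptions carried over from the answer's example; loading the rules needs root and iptables-restore, while building and checking them does not.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes: the local listener runs
# with effective group "tor", listens on 8080, and port 80 traffic from the box
# should be redirected to it (same assumptions as the answer above).

# build_rules GROUP LISTEN_PORT DEST_PORT
# Prints an iptables-restore block for the nat table: a user chain "intercept"
# reached from OUTPUT for locally generated TCP traffic to DEST_PORT, an owner
# exemption for GROUP, then the REDIRECT to LISTEN_PORT.
build_rules() {
    grp="$1"; listen="$2"; dport="$3"
    printf '%s\n' \
        '*nat' \
        ':intercept - [0:0]' \
        "-A OUTPUT -p tcp -m tcp --dport $dport -j intercept" \
        "-A intercept -m owner --gid-owner $grp -j RETURN" \
        "-A intercept -p tcp -j REDIRECT --to-ports $listen" \
        'COMMIT'
}

# check_order RULESET
# Returns 0 only when, inside chain "intercept", the owner RETURN appears
# before the REDIRECT. Reversed order would redirect the listener's own
# outbound port-80 connections back to itself.
check_order() {
    printf '%s\n' "$1" | awk '
        /^-A intercept .*-m owner .* -j RETURN/ && !ret { ret = NR }
        /^-A intercept .*-j REDIRECT/             && !red { red = NR }
        END { exit (ret && red && ret < red) ? 0 : 1 }'
}

# apply_rules GROUP LISTEN_PORT DEST_PORT
# Syntax-checks the block with iptables-restore --test, then loads it with
# --noflush so unrelated nat rules survive. Requires root.
apply_rules() {
    rules=$(build_rules "$@")
    check_order "$rules" || { echo "refusing: RETURN must precede REDIRECT" >&2; return 1; }
    printf '%s\n' "$rules" | iptables-restore --test --noflush || return 1
    printf '%s\n' "$rules" | iptables-restore --noflush
}

case "${1:-print}" in
    apply) apply_rules tor 8080 80 ;;   # ./script.sh apply   (as root)
    *)     build_rules tor 8080 80 ;;   # ./script.sh         (just print the block)
esac
```

Re-running `apply` appends the rules a second time because `--noflush` keeps the existing chain contents; flush the intercept chain first (`iptables -t nat -F intercept`) or drop `--noflush` if the nat table holds nothing else worth keeping.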