So I'm configuring a QEMU guest on my Debian Wheezy server, using virt-manager.

As the guest, I've installed Ubuntu 14.04.1 server.

The server contains the following iptables rule:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3080
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 3080

This was taken from the serverfault question "How to run a server on port 80 as a normal user on Linux?"

So incoming HTTP requests on port 80 to the Debian host are being redirected to the correct application.

But, as a side effect, outgoing requests from my QEMU guest are also being redirected there. How can I fix that?

Jelle De Loecker

1 Answer

The rule

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3080

means redirect everything with destination port 80 to port 3080 and that matches all the HTTP traffic. You'll need to put an IP address or an interface in order to be specific: if your IP address is 1.2.3.4, this will do:

iptables -t nat -A PREROUTING -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-port 3080

The -d 1.2.3.4 flag specifies destination address and only requests to your IP will be redirected.

Another option is to use the network interface, so if your internet connection is on eth0, you can use:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3080

This would also work, because -i matches incoming traffic on the eth0 interface, e.g. requests made to your computer.

You can even combine the filters (e.g. you have multiple NICs and multiple IPs, but you want to run the site only on a single pair):

iptables -t nat -A PREROUTING -i eth0 -d 1.2.3.4 -p tcp --dport 80 -j REDIRECT --to-port 3080

You should consult the iptables manual if you need fine control over who gets redirected, gets blocked, etc.

Iskren
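
To check a host for the problem described in this thread, the following added example (not part of the original question or answer) scans a ruleset in iptables-save format for nat PREROUTING REDIRECT rules that have neither an -i nor a -d match. The function names are hypothetical, and the sample ruleset is constructed from the rules quoted on this page.

```sh
#!/bin/sh
# Added example (not from the original post): list nat PREROUTING REDIRECT
# rules that carry no -i or -d match. As the question describes, such rules
# also catch traffic that a guest sends out through the host.

# Hypothetical helper: reads iptables-save output on stdin and prints
# every unscoped REDIRECT rule.
find_unscoped_redirects() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" opens a table section
        table != "nat" { next }                 # ignore filter, mangle, ...
        $1 == "-A" && $2 == "PREROUTING" {
            scoped = 0; redirect = 0
            for (i = 3; i <= NF; i++) {
                # -i / -d (also when negated with "!") narrow what the rule matches
                if ($i == "-i" || $i == "--in-interface" ||
                    $i == "-d" || $i == "--destination") scoped = 1
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
            }
            if (redirect && !scoped) print
        }
    '
}

# Constructed sample in iptables-save format, built from the rules on this page.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3080
-A PREROUTING -d 1.2.3.4/32 -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 3080 -j ACCEPT
COMMIT
EOF
}

# Prints only the first PREROUTING rule, the one that matches on port alone.
sample_ruleset | find_unscoped_redirects
```

On a live host, feed it the real ruleset instead: `iptables-save -t nat | find_unscoped_redirects` (run as root).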