Why is my iptables port forwarding not working?

I am trying to set up port forwarding from port 80 to port 8080 on my Amazon Linux AMI machine.

I ran

$ sudo /sbin/iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

and verified the result:

$ sudo iptables --table nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 8080

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

But requests to port 80 do not work:

$ wget http://localhost:80
--2017-09-25 08:51:27--  http://localhost/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:80... failed: Connection refused.

while port 8080 works fine:

$ wget http://localhost:8080
--2017-09-25 08:51:39--  http://localhost:8080/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.

How can I make port 80 an alias for port 8080?


Additional information:

$ cat /proc/sys/net/ipv4/ip_forward
1

$ sudo sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
error: "Input/output error" reading key "net.ipv6.conf.all.stable_secret"
error: "Input/output error" reading key "net.ipv6.conf.default.stable_secret"
error: "Input/output error" reading key "net.ipv6.conf.eth0.stable_secret"
error: "Input/output error" reading key "net.ipv6.conf.lo.stable_secret"

Answer 1

In fact, the port forwarding was already working, just not for localhost. Accessing the port from outside works fine.

I still don't know why it doesn't work for localhost, but for now that doesn't matter to me.
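
Editor's added example (not part of the original question or answer): connections that originate on the host itself, such as `wget http://localhost:80`, never traverse the nat PREROUTING chain; they pass through nat OUTPUT, so a REDIRECT that exists only in PREROUTING affects external clients only. The check below reads an `iptables-save -t nat` dump and reports which of the two chains redirect a given port; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Audit a nat-table dump for REDIRECT rules that cover external traffic
# (PREROUTING) but not locally generated traffic (OUTPUT).

# Constructed sample: the rule from the question as iptables-save prints it.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# redirect_coverage DPORT   (dump on stdin)
# Prints one of: both, prerouting-only, output-only, none
redirect_coverage() {
    awk -v port="$1" '
        # Only appended rules that jump to REDIRECT are of interest.
        $1 == "-A" && /-j REDIRECT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port)
                    seen[$2] = 1        # $2 is the chain name
        }
        END {
            pre = ("PREROUTING" in seen)
            out = ("OUTPUT" in seen)
            if (pre && out)  print "both"
            else if (pre)    print "prerouting-only"
            else if (out)    print "output-only"
            else             print "none"
        }'
}

# On a live host (as root): iptables-save -t nat | redirect_coverage 80
echo "port 80 redirect coverage: $(sample_dump | redirect_coverage 80)"

# A result of "prerouting-only" explains the refused localhost connection.
# The matching rule for loopback traffic generated on the host is:
#   iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-ports 8080
```
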
