The iptables-based Linux firewall is not only about blocking ports (the filter table). Ports can also be redirected when required, and this is done through the nat table. The filter table is the default table in iptables, so we do not need to name it in our commands. Port redirection, however, is managed by the nat table, so we must always add -t nat to the iptables command when reading from or writing to this non-default table. To control access to internet web sites you may redirect port 80 (HTTP requests) to the proxy server on port 3128. Similarly, you may be running Tomcat services that listen on port 8080, but users always forget to add the port to the URL; redirecting port 80 to 8080 then works for those users.
- iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
- iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
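
The two rules above, wrapped so they can be re-applied without creating duplicates and so the port numbers are validated first. This is an added example, not part of the original page. The function names and the IPT and DRY_RUN variables are assumptions of this sketch; -C is the iptables option that checks whether a rule already exists.

```shell
#!/bin/sh
# Added example: apply a port redirect idempotently.
# IPT and DRY_RUN are conventions of this sketch, not iptables features.
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = apply them (needs root)

# Accept only decimal port numbers in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ensure_rule TABLE CHAIN rule-spec...
# Appends the rule only when "iptables -C" reports that it is not present yet.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPT -t $table -A $chain $*"
        return 0
    fi
    "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null ||
        "$IPT" -t "$table" -A "$chain" "$@"
}

# redirect_port FROM TO
redirect_port() {
    from=$1; to=$2
    valid_port "$from" && valid_port "$to" || {
        echo "redirect_port: ports must be numbers from 1 to 65535" >&2
        return 2
    }
    # nat PREROUTING rewrites the destination port before the packet reaches
    # the filter table's INPUT chain, so INPUT has to accept the target port.
    ensure_rule filter INPUT -p tcp --dport "$to" -j ACCEPT
    ensure_rule nat PREROUTING -p tcp --dport "$from" -j REDIRECT --to-ports "$to"
}

# The Tomcat case from the text; with DRY_RUN=1 this only prints the commands.
redirect_port 80 8080
```

PREROUTING only handles packets arriving from the network, so connections made on the host itself to port 80 are not redirected by this rule; those pass through the nat table's OUTPUT chain instead. After applying, iptables -t nat -L PREROUTING -n shows the redirect, since a plain iptables -L lists only the filter table.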