Port rewriting with iptables

Sometimes it is useful to redirect incoming connections to a different port. It's very easy with iptables:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 9090

Obviously you have to change the incoming port that clients connect to (443 in my example), the destination port (9090 in the example), and maybe the interface.
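
A parameterised form of the rule above, as an added example that is not part of the original post: it validates the interface and ports, and uses iptables -C so that rerunning it does not append duplicate rules. The function names are hypothetical; applying or removing the rule requires root.

```shell
#!/bin/sh
# Added example: build, apply and remove the redirect rule idempotently.
# Defaults in the dry run mirror the post: eth0, 443 -> 9090.

# valid_port N: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rule IFACE FROM TO: print the rule spec (the part after the chain name).
redirect_rule() {
    valid_port "$2" && valid_port "$3" || return 1
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;   # reject empty or odd interface names
    esac
    printf '%s' "-i $1 -p tcp --dport $2 -j REDIRECT --to-ports $3"
}

# apply_redirect IFACE FROM TO: add the rule only if it is not already present.
apply_redirect() {
    spec=$(redirect_rule "$1" "$2" "$3") || { echo "invalid arguments" >&2; return 2; }
    # -C tests for an identical existing rule. $spec is left unquoted on purpose:
    # it was validated above and has to split into separate words.
    if iptables -t nat -C PREROUTING $spec 2>/dev/null; then
        echo "already present"
    else
        iptables -t nat -A PREROUTING $spec && echo "added"
    fi
}

# remove_redirect IFACE FROM TO: delete the same rule again.
remove_redirect() {
    spec=$(redirect_rule "$1" "$2" "$3") || return 2
    iptables -t nat -D PREROUTING $spec
}

# Dry run: show the command apply_redirect would issue for the post's values.
echo "iptables -t nat -A PREROUTING $(redirect_rule eth0 443 9090)"
```

The redirect does not close the target port: 9090 stays reachable directly, and connections that originate on the host itself do not pass through PREROUTING.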

I used this solution for an Apache server running inside a VirtualBox that offers HTTPS through VB's NAT. The problem is that I don't launch VirtualBox as root, but as an unprivileged user, so I cannot map the NAT to the host's port 443, and I chose the non-standard port 9090 instead. Unfortunately, external applications need to access the service on the standard port. Rewriting the port with iptables was a cheap solution 🙂

 
