trying to redirect all traffic with iptables but not working

I have a Raspberry Pi that is set up as an access point. It is NOT connected to the internet. I followed this tutorial until the section about bridging. (I don't have my Raspberry Pi connected to Ethernet, so I assumed that section was unnecessary. Please let me know if that is not true.)



After following that tutorial I have the configs listed below, and I am able to connect my phone to the Pi through Wi-Fi. While browsing on any device connected to the Pi, I want to redirect any web traffic to a server running on my Raspberry Pi. On my Pi I have a simple hello world server running on port 8080.



However, despite what I think are the correct iptables rules, when I try to access any site on my phone nothing redirects, and instead I get "Safari cannot open page because server cannot be found" errors. What am I doing wrong? How might I debug this problem better?



iptables -t nat -vL



Chain PREROUTING (policy ACCEPT 1 packets, 72 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  any    any     anywhere             anywhere             tcp dpt:http to:192.168.220.1:8080

Chain INPUT (policy ACCEPT 1 packets, 72 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE all  --  any    eth0    anywhere             anywhere


My confs



dnsmasq.conf



interface=wlan0
listen-address=192.168.220.1
dhcp-range=192.168.220.50,192.168.220.150,12h


/etc/dhcpcd.conf



... left unchanged but added below two lines
denyinterfaces wlan0
denyinterfaces eth0


/etc/hostapd/hostapd.conf



interface=wlan0
driver=nl80211

hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

ssid=Example123
wpa_passphrase=Examplepass123


/etc/network/interfaces



auto lo
iface lo inet loopback

auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.220.1
netmask 255.255.255.0
network 192.168.220.0
broadcast 192.168.220.255






  • You need a rule iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080. The DNAT rule you have won't work. The POSTROUTING rule is unnecessary if you don't have any connectivity.
    – wurtel
    Jun 22 at 10:11
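
On the "how might I debug this" part of the question: the packet counters in the listing are the first thing to read. This is an added example, not part of the original question or the comment above; the function names are hypothetical and SAMPLE is the nat listing copied from the question. A counter of 0 on a rule means no packet of that kind ever reached it, which points at a step before the redirect (a browser only opens a TCP connection to port 80 once the host name has resolved) rather than at the rule's target.

```shell
#!/bin/sh
# Added example: list nat rules that have never matched a packet.
# SAMPLE is the `iptables -t nat -vL` output quoted in the question.
SAMPLE='Chain PREROUTING (policy ACCEPT 1 packets, 72 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:http to:192.168.220.1:8080

Chain INPUT (policy ACCEPT 1 packets, 72 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any eth0 anywhere anywhere'

# unmatched_rules: read a -vL listing on stdin and print "<chain> <target>"
# for every rule whose packet counter is still 0.
unmatched_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        $1 == "pkts"  { next }                  # skip the column header
        NF >= 3 && $1 == "0" { print chain, $3 }
    '
}

# chain_policy_hits CHAIN: print how many packets fell through every rule
# of CHAIN and were handled by its default policy instead.
chain_policy_hits() {
    awk -v want="$1" '$1 == "Chain" && $2 == want { print $5 }'
}

# On the sample: the DNAT rule matched nothing, yet one packet did cross
# PREROUTING, so the client sent something that was not TCP to port 80.
printf '%s\n' "$SAMPLE" | unmatched_rules
printf 'PREROUTING policy hits: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | chain_policy_hits PREROUTING)"

# On a live system (as root), -x prints exact counters instead of 12K/3M:
#   iptables -t nat -vxL | unmatched_rules
```

Re-run the listing after each attempt from the phone; a counter that stays at 0 means the traffic is not arriving in the form the rule expects.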















asked Jun 22 at 4:43









Terence Chow
