Title: Redirect incoming TCP traffic to another port with nftables
Date: 2020-03-15 13:15
Category: Linux
Tags: nftables
Slug: nftables-port-redirect
Author: someone
Summary: Redirect incoming TCP traffic to another port with nftables

Assume a service is listening on an unprivileged port, 22067 in this example. The goal is to redirect traffic destined for the privileged port 443 to that port, so the service can receive it without running as root or holding CAP_NET_BIND_SERVICE. The rules match on any interface except 'lo', so only packets arriving from the network are rewritten; connections the host makes to itself on 127.0.0.1:443 or ::1:443 are left alone. The prerouting hook is used because the destination has to be rewritten before the routing decision. Corresponding lines for /etc/nftables.conf:

::text
    table ip nat {
        chain prerouting {
            # nat chain on the prerouting hook: rewrite the destination before routing
            type nat hook prerouting priority 0;
            # TCP/443 arriving on any interface but loopback goes to the local service on 22067
            iifname != "lo" tcp dport 443 redirect to 22067
        }
    }
    table ip6 nat {
        chain prerouting {
            # same rule for IPv6; the ip table above only sees IPv4 packets
            type nat hook prerouting priority 0;
            iifname != "lo" tcp dport 443 redirect to 22067
        }
    }

Check the file for syntax errors first with nft -c -f /etc/nftables.conf, then run systemctl enable nftables and systemctl start nftables (or systemctl enable --now nftables) and confirm the loaded rules with nft list ruleset. Two caveats: the service remains reachable directly on 22067 unless an input chain drops that port, and on a host that also forwards traffic the rule as written rewrites forwarded packets with destination port 443 as well, since prerouting sees every incoming packet; add fib daddr type local to the rule if only packets addressed to the host itself should be redirected. Verification from another host (Connected shows the TCP handshake completed on the redirected port; adding counter to the rule makes the redirect visible in nft list ruleset):

::text
   telnet XX.YY.ZZ.NN 443
   Trying XX.YY.ZZ.NN...
   Connected to XX.YY.ZZ.NN.
   Escape character is '^]'.
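The whole procedure above (write the two nat tables, check them with nft -c, load them) as a small POSIX sh helper. This is an added example, not code from the original post: it generates a complete nftables file for any source/destination port pair, rejects bad ports, and dry-runs the result with nft -c -f when nft is installed (nft -c still talks to netlink, so run it as root). Unlike the post's rules it uses the conventional NAT priority -100 and adds a fib daddr type local guard so a forwarding host does not redirect transit traffic; both are this example's choices, not the post's.

```shell
#!/bin/sh
# Added example (not part of the original post): generate, validate and
# dry-run an nftables ruleset that redirects incoming TCP traffic from a
# privileged port to an unprivileged one, for IPv4 and IPv6.

# is_port N: succeed only if N is an integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_ruleset FROM TO: print nat tables for ip and ip6 that send
# incoming TCP FROM to local port TO, skipping loopback and forwarded packets.
redirect_ruleset() {
    from=$1
    to=$2
    is_port "$from" && is_port "$to" && [ "$from" -ne "$to" ] || return 1
    for fam in ip ip6; do
        cat <<EOF
table $fam nat {
    chain prerouting {
        # -100 is the conventional priority for destination NAT (dstnat)
        type nat hook prerouting priority -100;
        # fib daddr type local: only packets addressed to this host, never transit traffic
        iifname != "lo" fib daddr type local tcp dport $from redirect to $to
    }
}
EOF
    done
}

# check_ruleset FROM TO: write a complete config (shebang, flush ruleset,
# rules) to a temp file and run nft -c -f on it; nothing is loaded.
# Returns nft's exit status, 1 for bad ports, 2 if nft is not installed.
check_ruleset() {
    command -v nft >/dev/null 2>&1 || return 2
    rules=$(redirect_ruleset "$1" "$2") || return 1
    tmp=$(mktemp) || return 1
    printf '#!/usr/sbin/nft -f\nflush ruleset\n%s\n' "$rules" > "$tmp"
    if nft -c -f "$tmp"; then rc=0; else rc=$?; fi
    rm -f "$tmp"
    return $rc
}

# Usage (hypothetical ports from the post): redirect_ruleset 443 22067 > /etc/nftables.conf
# after check_ruleset 443 22067 succeeded.
```

After the file is in place, systemctl enable --now nftables loads it exactly as described above; the fib guard and the lower priority are the only differences from the post's hand-written rules.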