IPtables isn't working on Amazon Linux 2

After years of using Amazon Linux 1, I'm making an effort to start using Amazon Linux 2, which (I get the impression) is what Amazon would like us to use going forward.

I'm running into a problem with iptables. On Amazon Linux 1, iptables is already installed. On 2, it is not, but I figured out how to install it using these commands:
sudo yum install iptables-services -y
sudo systemctl enable iptables
sudo systemctl start iptables

From there, I was able to issue the iptables commands I need. However, they don't work. For example, I am running a web server on port 8080 and I want to redirect 80 to 8080 so I can hit it from the internet. It doesn't work. Iptables says the route is defined, but I get no response from a web browser. (Yes, I checked to make sure the port is open in the firewall, and I have done this many times with Amazon Linux 1, so I know how it's supposed to work).

Is there something else I need to do here?

asked 3 years ago | 7005 views
1 Answer

I had a problem with this too but found that the AWS Linux 2 AMI has rules that come preconfigured in /etc/sysconfig/iptables that are set to reject any incoming traffic except SSH (port 22). It makes sense. What I did, and I don't know if this is ultimately what you'd want to do long term, is flush the rules with iptables -F, add the rules I wanted for port forwarding and then save those over /etc/sysconfig/iptables.

sudo iptables -F
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# the destination address and forwarding target were stripped from the post; <public-ip> and <target-ip>:<port> are placeholders
sudo iptables -t nat -A PREROUTING -p tcp -d <public-ip> --dport 1433 -j DNAT --to-destination <target-ip>:<port>
sudo iptables-save | sudo tee /etc/sysconfig/iptables

This at least got me to where things were working. Hope this helps.

Edited by: ericdred-pixsys on Feb 26, 2021 4:30 PM

answered 3 years ago
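The answer's approach works, but iptables -F only empties the filter table's chains and leaves INPUT with its default ACCEPT policy, so from then on the security group is the only thing filtering inbound traffic (earlier nat rules also survive the flush; clearing those takes iptables -t nat -F). The script below is an added example, not code from the question or the answer: it builds a rule file for iptables.service that keeps a default-deny INPUT chain, allows SSH, and redirects a public port to the port the web server listens on, which is the question's 80 to 8080 case. Two things it gets right that are easy to miss: REDIRECT in PREROUTING rewrites the destination port before the packet reaches INPUT, so INPUT has to accept 8080 and not 80, and PREROUTING never sees locally generated traffic, so a second REDIRECT in the nat OUTPUT chain is needed for curl against the instance's own port 80. SSH on 22, eth0 as the primary interface, the path /etc/sysconfig/iptables, and the file name forward.sh are assumptions; the security group must still allow port 80.

```shell
#!/bin/sh
# Added example, not code from the question or the answer above.
# Generates an iptables-restore file for iptables.service on Amazon Linux 2
# that keeps a default-deny INPUT chain (the answer's "iptables -F" leaves
# INPUT empty with policy ACCEPT, so only the security group filters traffic)
# and redirects a public port to the port the web server actually listens on.
# Assumptions, all hypothetical: SSH on 22, primary interface eth0, and the
# rule file path /etc/sysconfig/iptables that iptables-services loads at boot.
set -eu

# build_rules PUBLIC_PORT APP_PORT [IFACE]  -> rule file on stdout
build_rules() {
    pub=$1; app=$2; iface=${3:-eth0}
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Packets from the network to $pub are rewritten to $app before routing.
-A PREROUTING -i $iface -p tcp --dport $pub -j REDIRECT --to-ports $app
# PREROUTING never sees locally generated packets; this makes
# "curl http://127.0.0.1:$pub/" on the instance itself work too.
-A OUTPUT -o lo -p tcp --dport $pub -j REDIRECT --to-ports $app
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# After the REDIRECT the packet reaches INPUT with dport $app, not $pub.
# Opening $pub here would never match; $app is the port that has to be allowed.
-A INPUT -p tcp --dport $app -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# apply_rules PUBLIC_PORT APP_PORT [IFACE]  (needs root)
apply_rules() {
    f=/etc/sysconfig/iptables
    build_rules "$1" "$2" "${3:-eth0}" > "$f.new"
    # Parse-only check first (iptables-restore --test, assumed available on
    # iptables 1.6 or newer), then load; the saved file is swapped in only
    # after the kernel accepted the rule set, so a typo never persists to boot.
    iptables-restore --test < "$f.new"
    iptables-restore < "$f.new"
    mv "$f.new" "$f"
}

# Usage: sudo sh forward.sh apply 80 8080
# Without the "apply" argument the script only defines the functions.
if [ "${1:-}" = apply ]; then
    shift
    apply_rules "$@"
fi
```

Run build_rules on its own first and read the output; the interface name is the usual thing that differs between instance types, so pass it as the third argument when it is not eth0. Because the filter table ends in REJECT with an icmp-host-prohibited, a connection to a port that is not opened fails immediately instead of hanging, which is what makes "rule defined but no response from the browser" easy to tell apart from a security group problem (that one times out).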
