IPtables isn't working on Amazon Linux 2

0

Hi,

After years of using Amazon Linux 1, I'm making an effort to start using Amazon Linux 2, which (I get the impression) is what Amazon would like us to use going forward.

I'm running into a problem with iptables. On Amazon Linux 1, iptables is already installed. On 2, it is not, but I figured out how to install it using these commands:
sudo yum install iptables-services -y
sudo systemctl enable iptables
sudo systemctl start iptables

From there, I was able to issue the iptables commands I need. However, they don't work. For example, I am running a web server on port 8080 and I want to redirect 80 to 8080 so I can hit it from the internet. It doesn't work. Iptables says the route is defined, but I get no response from a web browser. (Yes, I checked to make sure the port is open in the firewall, and I have done this many times with Amazon Linux 1, so I know how it's supposed to work.)

Is there something else I need to do here?

Frank
Asked 3 years ago, 6496 views
1 Answer
0

I had a problem with this too but found that the AWS Linux 2 AMI has rules that come preconfigured in /etc/sysconfig/iptables that are set to reject any incoming traffic except SSH (port 22). It makes sense. What I did, and I don't know if this is ultimately what you'd want to do long term, is flush the rules with iptables -F, add the rules I wanted for port forwarding and then save those over /etc/sysconfig/iptables.

ex:
sudo iptables -F
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -t nat -A PREROUTING -p tcp -d 10.0.20.172 --dport 1433 -j DNAT --to-destination 10.0.1.160:1433
sudo iptables-save|sudo tee /etc/sysconfig/iptables

This at least got me to where things were working. Hope this helps.

Edited by: ericdred-pixsys on Feb 26, 2021 4:30 PM

Answered 3 years ago
