Using ipchains
On some Linux systems the ipchains REDIRECT mechanism can be used to redirect from one port to another inside the kernel:
/sbin/ipchains -I input --proto TCP --dport 80 -j REDIRECT 8080This basically means, "Insert into the kernel's packet filtering the following as the first rule to check on incoming packets: If the protocol is TCP and the destination port is 80, redirect the packet to port 8080." Your kernel must be compiled with support for ipchains. (virtually all stock kernels are.) You must have the "ipchains" command-line utility installed. (On RedHat the package is aptly named "ipchains".) You can run this command at any time, preferably just once since it inserts another copy of the rule every time you run it.
Using iptables
You need to add something like the following to the startup scripts or your firewall rules:
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080The underlying model of iptables is different to that of ipchains so the forwarding normally only happens to packets originating off-box. You will also need to allow incoming packets to port 8080 if you use iptables as a local firewall.
Note: For some extremely handy scripts (verified against
SuSe 7.3) and a detailed readme.txt,
download a the tiny tarball iptables.tgz contributed by Chris Haynes
(thanks Chris!).