iptables: redirect port 8080 to 81 and block port 8080
Hello, I'm running Tomcat as a normal user, so I can't use port 81. I'm redirecting port 8080 to 81 using iptables, like this:
Code:
/usr/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 81 -j MARK --set-mark 1
/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 81 -j REDIRECT --to-port 8080
/usr/sbin/iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -m mark --mark 1 -j ACCEPT
Now, this setup works and I can use port 81, but port 8080 works just the same. I was wondering if it's possible to do this redirect, but then block port 8080, so only 81 would work.
Any ideas? BTW, I can't use anybind, if someone will suggest it.
Not sure what you are trying to say but if you are redirecting 8080 to 81 your rules are backwards.
You cannot block port 8080 as you need that to get to port 81.
If a packet is coming in on 8080 because you cannot use 81, you need to redirect 8080 to 81, not 81 to 8080.
And for simple redirect you don't need to mark the packet.
I don't know how this is working as you are not redirecting 8080 to 81. Are you sure that tomcat isn't listening on port 8080? That is the only reason it would work and your last rule is what allows it to work.
Another thing you might want to consider is using the interface, -i eth0 or -o eth0, in your rules. This way you can fine-tune a rule to only be applied in one direction. For example, your redirect rule would be applied in both directions as it refers to pre-router only which is done in both directions.
Please forgive me, I misread your post (need to slow down and reread things once in a while).
You are redirecting port 81 outside to port 8080 internally.
So you are looking to block port 8080 from the outside. Never heard of anyone wanting to do this but maybe you could do it with the following:
FWIW, I too was confused by the wording. Normally, when one says "redirecting port 8080 to 81" it means the opposite of what you intend. It normally means "redirecting (TCP/IP) packets from port 8080 to port 81". In other words, packets that hit port 8080 are redirected to port 81.
The other way doesn't really make much language sense. The daemon is listening to port 8080, sure, but its "ear" isn't redirected to port 81. The "ear" is still listening to port 8080. It's just that it is, indirectly, also listening to port 81 in a sense.
To avoid similar confusion in the future, think about how it would sound if you inserted the tacit word "packets".
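One way to get the result asked for in the first post, reusing its mark-then-redirect rules and adding a drop for unmarked traffic to the application port (an added example, not code posted by anyone in the thread). The function names, the `-I INPUT` positions and the loopback exemption are assumptions; the script only prints the commands unless `apply_rules` is called as root.

```shell
#!/bin/sh
# Added example: prints (dry run) the rule set for "public port in, app port blocked".
# build_rules, apply_rules and valid_port are names made up for this sketch.
IPT="${IPT:-/usr/sbin/iptables}"

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules PUBLIC_PORT APP_PORT [MARK] -> one iptables command per line.
build_rules() {
    valid_port "$1" && valid_port "$2" && [ "$1" -ne "$2" ] || {
        echo "usage: build_rules PUBLIC_PORT APP_PORT [MARK]" >&2
        return 1
    }
    pub="$1"; app="$2"; mark="${3:-1}"
    # The mark must be a plain number, since the output may be fed to a shell.
    case "$mark" in ''|*[!0-9]*) return 1 ;; esac
    # mangle/PREROUTING runs before nat, so the packet still shows the public port: tag it.
    echo "$IPT -t mangle -A PREROUTING -p tcp --dport $pub -j MARK --set-mark $mark"
    # nat/PREROUTING rewrites the destination port to the one the daemon listens on.
    echo "$IPT -t nat -A PREROUTING -p tcp --dport $pub -j REDIRECT --to-port $app"
    # filter/INPUT sees the rewritten port; only tagged packets came in via the public port.
    echo "$IPT -I INPUT 1 -p tcp --dport $app -m mark --mark $mark -j ACCEPT"
    # Everything else aimed at the app port is dropped. Loopback is exempted
    # (assumption) so local clients on the host can still reach the daemon.
    echo "$IPT -I INPUT 2 ! -i lo -p tcp --dport $app -j DROP"
}

# Apply for real (needs root); not called automatically.
apply_rules() {
    rules=$(build_rules "$@") || return 1
    printf '%s\n' "$rules" | sh -e
}

# With two arguments on the command line, show the rules for them.
if [ "$#" -ge 2 ]; then build_rules "$@"; fi
```

Review the output of `build_rules 81 8080` before applying it, and check with `iptables -L INPUT -n --line-numbers` that no earlier rule already accepts the application port.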