Old 09-22-2010, 11:18 PM   #1
steve willett
LQ Newbie
 
Registered: Sep 2010
Posts: 11

Rep: Reputation: 0
CentOS 5: iptables - cannot open port 80 and nat to port 8080 for Tomcat


I am trying to run Apache Tomcat on port 80. I have attempted to use kernel port forwarding by using:

# iptables -t nat -A PREROUTING -d <my server URL> -p tcp --dport 80 -j REDIRECT --to-ports 8080

I now see the following iptables output:

# /sbin/iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

# /sbin/iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 8443
REDIRECT tcp -- 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I can connect to Tomcat locally, with http://localhost. However, I cannot connect from outside this machine with http://<my server URL>.

Any suggestions on how to debug this (and similar!) problems?
 
Old 09-23-2010, 02:02 AM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
On what port is your Tomcat currently listening? Is it port 80? What you are doing right now is forwarding all the www requests to 8080, which is the default Tomcat port as per my knowledge. This will not work. You should redirect 8080 to 80.
Or else look here on how to change the default port for Tomcat:
http://www.mkyong.com/tomcat/how-to-...-default-port/
 
Old 09-24-2010, 03:05 AM   #3
steve willett
LQ Newbie
 
Registered: Sep 2010
Posts: 11

Original Poster
Rep: Reputation: 0
Running in 8080

Quote:
Originally Posted by linuxlover.chaitanya View Post
On what port is your Tomcat currently listening? Is it port 80? What you are doing right now is forwarding all the www requests to 8080, which is the default Tomcat port as per my knowledge. This will not work. You should redirect 8080 to 80.
Or else look here on how to change the default port for Tomcat:
http://www.mkyong.com/tomcat/how-to-...-default-port/
Thanks for your response, linuxlover.chaitanya!

Tomcat is running on 8080, not 80, so I have to forward from 80 to 8080.

This is all being done so that I don't have to run Tomcat as root, which I would have to do to have it listen on port 80. Instead Tomcat listens on 8080 and can run as an unprivileged process. However, since Tomcat is running standalone, incoming HTTP requests need to be forwarded to port 8080 so Tomcat can handle them.

Is this clearer?
 
Old 09-24-2010, 03:37 AM   #4
kirukan
Senior Member
 
Registered: Jun 2008
Location: Eelam
Distribution: Redhat, Solaris, Suse
Posts: 1,278

Rep: Reputation: 148Reputation: 148
Quote:
I am trying to run Apache Tomcat on port 80. I have attempted to use kernel port forwarding by using:
As per the iptables output, all HTTP (port 80) requests are redirected to port 8080. Please make sure that Tomcat is listening on port 8080.

Last edited by kirukan; 09-24-2010 at 03:57 AM.
 
Old 09-24-2010, 05:03 AM   #5
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
I still am not clear then. If tomcat is not listening on port 80 then how are the tomcat requests going to be redirected? Since port 80 connections are www connections and apache should be listening on it. And hence port 80 requests are by default http requests that are served by apache. And if apache web server is not listening on port 80 then why not just change the default port in the configuration as directed in the link?
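
Added example (not part of any post in this thread): nat PREROUTING rewrites the destination port before the filter INPUT chain is evaluated, so the filter rules see port 8080, not 80. The script below replays a constructed, trimmed copy of the rules from post #1 through a small first-match simulator; the `-i lo` on the first RH-Firewall-1-INPUT rule and the `iptables -I INPUT 1` variant are assumptions, and `after_nat` and `verdict` are hypothetical helper names.

```shell
#!/bin/bash
# Constructed iptables-save style rules mirroring the TCP-relevant part of the
# listing in post #1. Assumption: the bare "ACCEPT all" heading
# RH-Firewall-1-INPUT is the loopback rule (-i lo); "iptables -L -n" without
# -v does not print interfaces.
RULES='-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp --dport 8443 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
# Same rules after a hypothetical "iptables -I INPUT 1 -p tcp --dport 8080 -j ACCEPT".
FIXED="-A INPUT -p tcp --dport 8080 -j ACCEPT
$RULES"

# after_nat DPORT: destination port once the nat PREROUTING REDIRECT rules from
# the listing (80->8080, 443->8443) have rewritten an inbound packet.
after_nat() { case "$1" in 80) echo 8080 ;; 443) echo 8443 ;; *) echo "$1" ;; esac; }

# verdict IFACE DPORT RULESET: first-match result in filter INPUT for a NEW
# TCP packet; falls back to the chain policy (ACCEPT in the listing).
verdict() {
  printf '%s\n' "$3" | awk -v ifc="$1" -v dport="$2" '
    function walk(c,   i, k, f, nf, ok, tgt, v) {
      for (i = 1; i <= n[c]; i++) {
        nf = split(rule[c, i], f, " "); ok = 1; tgt = ""
        for (k = 3; k < nf; k += 2) {          # options come as key/value pairs
          if (f[k] == "-i" && f[k+1] != ifc) ok = 0
          if (f[k] == "-p" && f[k+1] != "tcp") ok = 0
          if (f[k] == "--dport" && f[k+1] != dport) ok = 0
          if (f[k] == "--state" && f[k+1] !~ /NEW/) ok = 0
          if (f[k] == "-j") tgt = f[k+1]
        }
        if (!ok) continue
        if (tgt == "ACCEPT" || tgt == "REJECT" || tgt == "DROP") return tgt
        v = walk(tgt); if (v != "") return v   # user chain: fall through if no match
      }
      return ""
    }
    { n[$2]++; rule[$2, n[$2]] = $0 }
    END { v = walk("INPUT"); print (v == "" ? "ACCEPT" : v) }'
}

echo "eth0 dport 80, as typed by the client : $(verdict eth0 80 "$RULES")"
echo "eth0 dport 80, after REDIRECT         : $(verdict eth0 "$(after_nat 80)" "$RULES")"
echo "same, with 8080 accepted before jump  : $(verdict eth0 "$(after_nat 80)" "$FIXED")"
```

On the live host, `iptables -L -n -v --line-numbers` shows interfaces and per-rule packet counters, which confirms which rule an incoming connection actually hits. Accepting dpt:8080 in the filter table also leaves port 8080 reachable directly from outside.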
 
  

