LinuxQuestions.org
Old 03-15-2009, 11:11 PM   #1
bt101
Member
 
Registered: Mar 2008
Posts: 61

Rep: Reputation: 19
How do you change port 8080 to port 80?


Hi - The iptables firewall is boggling my mind and I can't find out where to start.

I have an Apache web server on port 80 that I can access from any machine in the house (no problem). I have a modem on the web server connected to the internet (ppp0). Of course, I do not want to expose port 80 to the internet. I want to take incoming traffic on port 8080 and simply change the port to 80.

I "think" that I know the first part. I need to ACCEPT port 8080 on ppp0 on the INPUT chain. After that I'm completely lost.

As I mentioned, my mind is boggled because there are so many commands that seem to do the same thing DNAT/SNAT/REDIRECT, plus there are a bunch of chains. I would think that this is a common need, but I can't find another person on the internet with the same requirement.
 
Old 03-16-2009, 01:30 AM   #2
ddaemonunics
Member
 
Registered: May 2008
Location: Romania
Distribution: Debian
Posts: 242

Rep: Reputation: 41
REDIRECT is the right choice
 
Old 03-16-2009, 01:53 AM   #3
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Try something like
Code:
/bin/iptables -t nat -A PREROUTING -i relevant_interface -p tcp --dport 8080 -j REDIRECT --to-port 80
Not quite sure why "of course" you don't want to expose port 80 to the internet though.
 
Old 03-16-2009, 05:03 AM   #4
acmeinc
Member
 
Registered: Aug 2008
Posts: 45

Rep: Reputation: 16
Quote:
Not quite sure why "of course" you don't want to expose port 80 to the internet though.
I agree, expose port 80 and set up IP blocks if necessary.
 
Old 03-16-2009, 06:51 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,636

Rep: Reputation: Disabled
In case you didn't know yet:

http://www.slackware.com/~alien/efg/
 
Old 03-16-2009, 07:05 PM   #6
bt101
Member
 
Registered: Mar 2008
Posts: 61

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by billymayday
Try something like
Code:
/bin/iptables -t nat -A PREROUTING -i relevant_interface -p tcp --dport 8080 -j REDIRECT --to-port 80
Not quite sure why "of course" you don't want to expose port 80 to the internet though.
Thanks for the reply. If I use that pre-routing rule, I think I'll then have to make an INPUT rule to accept port 80? Let me know if I'm wrong. If I do have to accept port 80, then I'm back to square-one with port 80 exposed.

BTW - I do not want to expose port 80 (or any other known port) so that I'm invisible to the bad people on the internets (it's a bad world out there). Right now, when I initiate a port scan on my connection, it comes back as 100% secure. I move like a shadow in the night. I could be completely wrong, but I think that the bad guys keep knocking on doors until they find anything that is alive. I don't want anybody to know I exist. Please destroy this after you read it. Signed...Paranoid but Secure.
 
Old 03-17-2009, 06:01 AM   #7
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Not 100% sure here, but I don't think the redirect requires port 80 open on the firewall. I do imagine you need port 8080 open. I only use redirection internally.
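
Added example (not from any poster in this thread) for the question raised in posts #6 and #7: the filter INPUT chain is traversed after nat PREROUTING, so a redirected packet arrives there with destination port 80, and a conntrack match on the original destination port admits only connections that entered on 8080. The function names, the default-drop policies and the LAN rule are assumptions of this example.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset; nothing is applied until root pipes
# the output into iptables-restore. Policies and the LAN rule are assumptions.

# is_port N: succeed only for a decimal integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_redirect_rules IFACE PUBLIC_PORT LOCAL_PORT (hypothetical helper)
emit_redirect_rules() {
    iface=$1 public=$2 local_port=$3
    case "$iface" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    is_port "$public" && is_port "$local_port" || { echo "bad port" >&2; return 1; }
    [ "$public" != "$local_port" ] || { echo "ports must differ" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# Rewrite the destination port before the filter table sees the packet.
-A PREROUTING -i $iface -p tcp --dport $public -j REDIRECT --to-ports $local_port
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# INPUT runs after nat PREROUTING, so redirected packets show --dport $local_port
# here. Accept them only when conntrack recorded $public as the original
# destination port; a direct hit on $local_port has original port $local_port
# and falls through to the DROP policy.
-A INPUT -i $iface -p tcp --dport $local_port -m conntrack --ctorigdstport $public -j ACCEPT
# LAN clients (any interface other than $iface) reach the server directly.
-A INPUT ! -i $iface -p tcp --dport $local_port -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: print the ruleset for the thread's values by default.
emit_redirect_rules "${1:-ppp0}" "${2:-8080}" "${3:-80}"
```

Loading the output with `iptables-restore` replaces the existing nat and filter tables, so merge in any other rules the host needs (for example remote administration) before applying it.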
 
Old 03-17-2009, 06:33 AM   #8
ddaemonunics
Member
 
Registered: May 2008
Location: Romania
Distribution: Debian
Posts: 242

Rep: Reputation: 41
just make apache listen on both 8080 and 80

allow incoming traffic on ppp0 port and ethx on port 8080 for internal clients 80
There is no point in using redirect

port 8080 is usually scanned by port scanners because it is a well-known port
if you try to implement security by obscurity make sure you select a high port which is not normally known by port scanners


if you are really concerned about security .. implement iptables+fwsnort mod_security etc etc

Last edited by ddaemonunics; 03-17-2009 at 06:36 AM.
 
Old 03-17-2009, 06:37 PM   #9
bt101
Member
 
Registered: Mar 2008
Posts: 61

Original Poster
Rep: Reputation: 19
Quote:
Originally Posted by ddaemonunics
just make apache listen on both 8080 and 80

allow incoming traffic on ppp0 port and ethx on port 8080 for internal clients 80
There is no point in using redirect

port 8080 is usually scanned by port scanners because it is a well-known port
if you try to implement security by obscurity make sure you select a high port which is not normally known by port scanners


if you are really concerned about security .. implement iptables+fwsnort mod_security etc etc
Yes, I think you're right. I wanted to "do it all" from the firewall, rather than trying to configure two things. I think I've got both the firewall and apache configured correctly now. Oh, and by the way, I only mentioned port 8080 to throw people off. I'm going to use my super-secret port number. Thanks.
 
Old 03-18-2009, 02:34 AM   #10
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Not port 42 ????
 
Old 03-18-2009, 03:44 AM   #11
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE Tumbleweed-KDE, Mint 21, MX-21, Manjaro
Posts: 4,636

Rep: Reputation: Disabled
Quote:
Originally Posted by billymayday
Not port 42 ????
Thanks for a good laugh.
 
  

