Port forwarding

QAR · 03-16-2005, 03:52 AM

Hi There,

I'm a newbie to linux and would like someone to help with the following issue.

I have a web application running on my server. This application uses port 8080. I would like to set up the server so that the server accepts requests on port 80 and forwards them to port 8080.

I'm running Redhat 9.0 and JBoss.

Thanking you in advance.

Ephracis · 03-16-2005, 04:18 AM

Oh my god. Yes, I am sorry. I was too tired and forgot to change the code I only copied.

Anyway. The table should be NAT as I said (but did not use in the code :P) and then PREROUTING. The rule applied should be REDIRECT.

Here is a working shell script. Just make it executable and put it into the rc.d-dir or some other place to make it start on boot.

Code:

#!/bin/sh

# flush tables
iptables -F
iptables -Z

# drop on default
iptables -P INPUT DROP

# redirect port 80 to 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --to-ports 8080 -j REDIRECT

# established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

Maybe you don't want (or need) to set default to drop all packages but I was just assuming now. Anyway, it is much easier to let all the iptables-commands be in one file instead of typing them.

Check out the man for more info. iptables is kinda big and there are several great books on the subject. Unfortenly I can only recommend swedish books. :P

If you want to redirect to another host use the [b]--destination[b] flag.

linuxxed · 03-16-2005, 05:44 AM

Quote:

Originally posted by MezzyMeat
iptables -A INPUT -s 0/0 -p tcp --dport 8080 --sport 80 -j ACCEPT

??

Iptables line should be "REDIRECT" in "PREROUTING" chain on NAT table.

iptables -t NAT -A PREROUTING -m tcp -p tcp --dport 80 --to-ports 8080 -j REDIRECT

Note: DNAT is done in OUTPUT or PREROUTING chain. SNAT is done in POSTROUTING chain. The above iptables entry is a "type of DNAT".

Another way is to set up a tunnel from 80 to 8080.