I have a doozy of a first post. Hopefully the solution is simple, but I have run out of ideas.
Environment:
I have a virtual environment, RHEL6 minimal install. On that, I am trying to run Liferay6 on Tomcat6 for the purpose of writing prototype business portals. I used the Liferay+Tomcat bundle downloaded from the Liferay website.
For security reasons, the server can only be accessed through port 80, and Tomcat listens on 8080. (I know I can run it so that it listens on another port, but I'd like it on 8080.)
Goal:
Use iptables to forward traffic destined for 80 to port 8080.
What I Did:
Configure nat to forward tcp packets from 80 to 8080:
Code:
[root@rhel6-template scratch]# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
List the nat iptable:
Code:
[root@rhel6-template scratch]# iptables -L -t nat -nv
Chain PREROUTING (policy ACCEPT 94 packets, 7176 bytes)
 pkts bytes target     prot opt in     out     source               destination
   27  1404 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080

Chain POSTROUTING (policy ACCEPT 348 packets, 25893 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 348 packets, 25893 bytes)
 pkts bytes target     prot opt in     out     source               destination
What Happens:
FYI: X.X.X.X is the internal IP address.
wget to 80 doesn't work:
Code:
[root@rhel6-template scratch]# wget X.X.X.X:80
--2011-07-18 12:10:26-- http://X.X.X.X/
Connecting to X.X.X.X:80... failed: Connection refused.
What I Already Checked:
Tomcat did start normally. Logs show no errors, and specify that Coyote HTTP/1.1 is initialized on http-8080. I can provide this log if need be.
Tomcat is listening on port 8080:
Code:
[root@rhel6-template scratch]# ss -ln
Recv-Q  Send-Q  Local Address:Port       Peer Address:Port
0       50      :::8009                  :::*
0       100     :::8080                  :::*
0       128     :::22                    :::*
0       128     *:22                     *:*
0       100     ::1:25                   :::*
0       100     127.0.0.1:25             *:*
0       1       ::ffff:127.0.0.1:8005    :::*
wget to 8080 works fine. Nobody else will be able to access this server through this port though.
Code:
[root@rhel6-template scratch]# wget X.X.X.X:8080
--2011-07-18 12:08:10-- http://X.X.X.X:8080/
Connecting to X.X.X.X:8080... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://X.X.X.X:8080/web/guest;jsessionid=7CB74EA3DE92ABBA39275F623AD99C3D [following]
--2011-07-18 12:08:10-- http://X.X.X.X:8080/web/guest;jsessionid=7CB74EA3DE92ABBA39275F623AD99C3D
Connecting to X.X.X.X:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 30326 (30K) [text/html]
Saving to: “guest;jsessionid=7CB74EA3DE92ABBA39275F623AD99C3D”
100%[=======================================================================>] 30,326 --.-K/s in 0.005s
2011-07-18 12:08:12 (6.38 MB/s) - “guest;jsessionid=7CB74EA3DE92ABBA39275F623AD99C3D”
I get the same negative result on the VM on the server as I get on a RHEL6 VM on my laptop.
The iptables method that I described above does in fact work with Liferay6 on Tomcat6 on Ubuntu 10.10.
I have looked at this thread. I appear to have tried everything that was mentioned there.
Actual Question:
I would like to know how to effectively forward 80 to 8080 on RHEL6, so that I can access Liferay on Tomcat (listening on 8080) at 80.
Any help is appreciated. I probably forgot the smallest thing. Also, feedback on the format of my first ever forum post (anywhere, not just on LQ) is very welcome indeed.
Thanks,
Griff
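
Added example, not part of the original post: the wget test above runs on the server itself, and locally generated packets traverse the nat OUTPUT chain rather than PREROUTING, while redirected packets reach filter INPUT with port 8080 already substituted. The script below audits an `iptables-save` dump for those three conditions; `check_redirect`, `sample` and the dump contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. check_redirect is a hypothetical
# helper that reads `iptables-save` text on stdin and reports, for FROM -> TO:
#   remote: nat PREROUTING REDIRECT (connections arriving from other hosts)
#   local:  nat OUTPUT REDIRECT (connections opened on the host itself)
#   input:  filter INPUT lets TO through; REDIRECT rewrites the port before
#           filter INPUT runs, so that chain sees TO, not FROM
# Approximation: the first INPUT REJECT/DROP rule without --dport is treated
# as a catch-all that ends the chain.
check_redirect() {
    awk -v from="$1" -v to="$2" '
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && $1 == ":INPUT" { policy = $2; next }
        $1 != "-A" { next }
        { chain = $2; rule = " " $0 " " }
        table == "nat" && rule ~ / -j REDIRECT / &&
        rule ~ (" --dport " from " ") && rule ~ (" --to-ports? " to " ") {
            if (chain == "PREROUTING") pre = 1
            if (chain == "OUTPUT") out = 1
        }
        table == "filter" && chain == "INPUT" && !blocked {
            if (rule ~ (" --dport " to " ") && rule ~ / -j ACCEPT /) acc = 1
            else if (rule !~ / --dport / && rule ~ / -j (REJECT|DROP) /) blocked = 1
        }
        END {
            if (!acc && !blocked && policy == "ACCEPT") acc = 1
            printf "remote=%s local=%s input=%s\n", (pre ? "ok" : "missing"),
                (out ? "ok" : "missing"), (acc ? "ok" : "blocked")
        }'
}

# Constructed sample dump (not the poster's machine): the PREROUTING rule from
# the post plus a filter table ending in a catch-all REJECT.
# $1 = extra nat rule, $2 = extra filter rule; either may be empty.
sample() {
    printf '%s\n' '*nat' \
        '-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080' \
        "$1" 'COMMIT' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        "$2" '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT'
}

sample '' '' | check_redirect 80 8080
# -o lo limits the OUTPUT redirect to connections to the host's own addresses.
sample '-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080' \
       '-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT' | check_redirect 80 8080
```

On a live host the same check can be fed with `iptables-save | check_redirect 80 8080` as root.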