LinuxQuestions.org


dwynter 06-23-2003 04:40 AM

REDIRECT port 80 to 8080 not working
 
Hi,

I have run my webserver and Tomcat behind iptables for some time now, but I have a few problems when I reboot. I always have to do "service iptables restart" because no packets get through when iptables starts from the init.d process. Is there a log somewhere where I can find out why?

The second thing is that I always have to restart httpd because my servlet is not accessible. I know that httpd should always start after Tomcat, and in the init.d scripts it does not. Be that as it may, I want to simplify things and have no static pages, so I have decided not to run Apache and to redirect port 80 to 8080 so that Tomcat serves all pages.

I added the following line to my working iptables script.

$IPTABLES -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80:80 --to-ports 8080

After this line further down in the script comes:

# HTTP - (80) HTTP
$IPTABLES -A lan-if -p tcp -s $LANSUBNET --dport www -j ACCEPT

The intention of the substituted variables should be clear. My reasoning is that this chain comes after the DNAT one and thus the redirect should occur.

If this is not so, can I change the ACCEPT to something like DNAT and have it explicitly go through the PREROUTING chain? I had read that the order of rules in the script was the order in which they are applied, but I somehow doubt this now.

thanks

David
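
Added example, not part of the original thread: a minimal Python model of the order in which netfilter evaluates the two rules quoted in the post above for a packet delivered to the local host (nat PREROUTING first, then the filter table, whatever their order in the script). The subnet value, the assumption that lan-if is reached from INPUT with a DROP fall-through, and all function names are illustrative assumptions.

```python
# Simplified model: nat PREROUTING rewrites the packet first, and only then
# does the filter table (here the lan-if chain) see it, with the NEW port.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

LANSUBNET = ip_network("192.168.1.0/24")  # assumed value for $LANSUBNET


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    proto: str = "tcp"


def nat_prerouting(pkt):
    """-t nat -A PREROUTING -p tcp --destination-port 80:80 -j REDIRECT --to-ports 8080"""
    if pkt.proto == "tcp" and 80 <= pkt.dport <= 80:
        return replace(pkt, dport=8080)  # destination port is rewritten here
    return pkt


def filter_lan_if(pkt, accept_dport, fallthrough="DROP"):
    """-A lan-if -p tcp -s $LANSUBNET --dport <accept_dport> -j ACCEPT

    A user-defined chain has no policy of its own; an unmatched packet
    returns to the calling chain. The DROP fall-through is an assumption.
    """
    if (pkt.proto == "tcp"
            and ip_address(pkt.src) in LANSUBNET
            and pkt.dport == accept_dport):
        return "ACCEPT"
    return fallthrough


def traverse(pkt, accept_dport):
    """Hook order for locally delivered traffic: nat PREROUTING, then filter."""
    return filter_lan_if(nat_prerouting(pkt), accept_dport)


if __name__ == "__main__":
    web = Packet(src="192.168.1.20", dport=80)    # constructed sample packet
    print("filter matches --dport 80  :", traverse(web, 80))
    print("filter matches --dport 8080:", traverse(web, 8080))
    # A filter rule on 8080 also admits clients that connect to 8080 directly.
    direct = Packet(src="192.168.1.20", dport=8080)
    print("direct to 8080             :", traverse(direct, 8080))
```
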

dwynter 06-24-2003 04:57 AM

Too hard a question?
 
I am not sure if I am asking too hard a question or if it is too stupid. Should I post this on the iptables mailing list maybe?

thanks

David

slightcrazed 06-25-2003 08:06 AM

I wish I could help out, but my knowledge of iptables is pretty basic. I have done some firewalling with it, but I have not had to do any port forwarding. The only thing that stands out in your code is --destination-port and --to-ports. I understand what you are trying to do; I have always seen -dport and -sport used in place of your syntax. Other than that, to my untrained eyes it looks fine. I'll do some checking and maybe I can find a good iptables forwarding example. I learned from this and from experimenting on my own, but the link really only discusses firewalling, and not forwarding.

slight

