LinuxQuestions.org
Old 06-23-2003, 04:40 AM   #1
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Rep: Reputation: 15
REDIRECT port 80 to 8080 not working


Hi,

I have run my webserver and Tomcat behind iptables for some time now, but I have a few problems when I reboot. I always have to do "service iptables restart" because no packets get through when iptables starts from the init.d process. Is there a log somewhere where I can find out why?

The second thing is I always have to restart httpd because my servlet is not accessible. I know that httpd should always start after Tomcat and in the init.d scripts it does not. Be that as it may, I want to simplify things and have no static pages, so I have decided to not run Apache and to redirect port 80 to 8080 so Tomcat serves all pages.

I added the following line to my working iptables script.

$IPTABLES -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80:80 --to-ports 8080

After this line further down in the script comes:

# HTTP - (80) HTTP
$IPTABLES -A lan-if -p tcp -s $LANSUBNET --dport www -j ACCEPT

The intention of the substituted variables should be clear. My reasoning is that this chain comes after the DNAT one and thus the redirect should occur.

If this is not so, can I change the ACCEPT to something like DNAT and have it explicitly go through the PREROUTING chain? I had read that the order of rules in the script was the order they are applied, but I somehow doubt this now.

thanks

David
 
Old 06-24-2003, 04:57 AM   #2
dwynter
Member
 
Registered: Jun 2002
Distribution: Centos 4.4
Posts: 82

Original Poster
Rep: Reputation: 15
Too hard a question?

I am not sure if I am asking too hard a question or it is too stupid? Should I post this on the iptables mailing list maybe?

thanks

David
 
Old 06-25-2003, 08:06 AM   #3
slightcrazed
Member
 
Registered: May 2003
Location: Lisbon Falls, Maine
Distribution: RH 8.0, 9.0, FC2 - 4, Slack 9.0 - 10.2, Knoppix 3.4 - 4.0, LFS,
Posts: 789

Rep: Reputation: 30
I wish I could help out, but my knowledge of iptables is pretty basic. I have done some firewalling with it, but I have not had to do any port forwarding. The only thing that stands out in your code is --destination-port and --to-ports. I understand what you are trying to do; I have always seen -dport and -sport used in place of your syntax. Other than that, to my untrained eyes, it looks fine. I'll do some checking and maybe I can find a good iptables forwarding example. I learned from this and from experimenting on my own, but the link really only discusses firewalling, and not forwarding.

slight
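
An added example, not part of the thread or of any poster's script: the REDIRECT rule from the first post paired with a filter rule that matches the port the packet carries after the nat table has rewritten it. It assumes a current iptables with the conntrack match, a lan-if chain already reached from INPUT, and a constructed LANSUBNET value; by default it only prints the commands.

```shell
#!/bin/sh
# Added example, not the poster's script. Dry run by default: the commands
# are printed, not applied. Point IPTABLES at the real binary (as root) to
# apply them.
IPTABLES="${IPTABLES:-echo iptables}"
LANSUBNET="${LANSUBNET:-192.168.1.0/24}"   # constructed sample value

redirect_rules() {
    # Rules are ordered only within one chain. Which chain runs first is
    # decided by the netfilter hooks, not by line order in the script:
    # nat/PREROUTING always runs before the filter table sees the packet.
    # REDIRECT is valid only in the nat table, so it cannot replace the
    # ACCEPT in a filter chain such as lan-if.
    $IPTABLES -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

    # When the packet reaches the filter table its destination port is
    # already 8080, so a rule matching "--dport www" never sees it.
    # Match 8080 instead, and require that the connection was originally
    # addressed to port 80 so Tomcat's 8080 is not reachable directly.
    $IPTABLES -A lan-if -p tcp -s "$LANSUBNET" --dport 8080 \
        -m conntrack --ctorigdstport 80 -j ACCEPT
}

show_counters() {
    # Per-rule packet counters show which rule the traffic is hitting.
    $IPTABLES -t nat -L PREROUTING -n -v
    $IPTABLES -L lan-if -n -v
}

redirect_rules
```

PREROUTING does not see connections made from the server itself, so a local test against port 80 will not be redirected by this rule.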
 
  

