Alexander Farber
2016-Jun-20 19:01 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Good evening,

on a CentOS 7 LAMP (not gateway) dedicated server I am using iptables-services with the following /etc/sysconfig/iptables:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
COMMIT

Also I am running Jetty as user "nobody" at the port 8080 using the /etc/systemd/system/websocket-handler.service file:

[Unit]
Description=WebSocket Handler Service
After=network-online.target

[Service]
Type=simple
User=nobody
Group=nobody
ExecStart=/usr/bin/java -classpath '/usr/share/java/jetty/*' de.afarber.MyHandler 144.76.184.151:8080
ExecStop=/bin/kill ${MAINPID}
SuccessExitStatus=143

[Install]
WantedBy=multi-user.target

However I actually need my Jetty program to run at port 80 - so that users behind corporate firewalls can connect too.

The Jetty doc at https://www.eclipse.org/jetty/documentation/current/setting-port80-access.html suggests to run the command

# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

but I can not figure out the corresponding line for the /etc/sysconfig/iptables

I have tried running the above command and then "iptables -S" to see the added rule, but that didn't really work.

Thank you
Alex
Alexander Dalloz
2016-Jun-20 19:09 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On 20.06.2016 at 21:01, Alexander Farber wrote:
> Good evening,
>
> on a CentOS 7 LAMP (not gateway) dedicated server I am
> using iptables-services with the following /etc/sysconfig/iptables:
>
> *filter
> :INPUT DROP [0:0]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [294:35064]
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 25,80,443,8080 -j ACCEPT
> -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
> COMMIT

[ ... ]

> # iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> but I can not figure out the corresponding line for the
> /etc/sysconfig/iptables

You will be surprised how easy it is to save the current ruleset:

/usr/libexec/iptables/iptables.init save

> I have tried running the above command and then "iptables -S" to see the
> added rule, but that didn't really work.
>
> Thank you
> Alex

Regards

Alexander
Todor Petkov
2016-Jun-20 19:10 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On Mon, Jun 20, 2016 at 10:01 PM, Alexander Farber <alexander.farber at gmail.com> wrote:

<cut>

>
> However I actually need my Jetty program to run at port 80 - so that users
> behind corporate firewalls can connect too.
>
> The Jetty doc at
> https://www.eclipse.org/jetty/documentation/current/setting-port80-access.html
> suggests to run the command
>
> # iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> but I can not figure out the corresponding line for the
> /etc/sysconfig/iptables
>
> I have tried running the above command and then "iptables -S" to see the
> added rule, but that didn't really work.
>
> Thank you
> Alex

Hi,

you can add the rule and then run "service iptables save" - it will save the current rules in /etc/sysconfig/iptables.

When you run "iptables" or "iptables -S", it prints only the filter chain by default. Try "iptables-save" - it prints all rules. The other option is "iptables -t nat -L -n" or "iptables -t nat -S".

Hope it helps.

Regards,
Alexander Farber
2016-Jun-21 09:30 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello again,

unfortunately the following /etc/sysconfig/iptables file does not work:

*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
#-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT --to-ports 8080
COMMIT

*filter
:INPUT DROP
:OUTPUT ACCEPT
:FORWARD DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
COMMIT

I need incoming HTTP-connections to 144.76.184.154:80 to be redirected to 144.76.184.154:8080 (where Jetty is listening as user "nobody"), but for some reason this does not happen.

When I browse to http://144.76.184.154:8080 then I see Jetty response.

But when I browse to http://144.76.184.154 nothing is returned.

Can anybody please spot the error for me?

Thank you
Alex
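
A static check for a two-table file like the one in the message above, as an added example that is not part of the thread: nat PREROUTING runs before filter INPUT, so INPUT matches the rewritten port, and the script reports for each REDIRECT whether its target port is accepted there (a port accepted this way is also reachable directly). The names check_redirects and sample_ruleset and the sample rules are constructed; only plain --dport and comma-separated --dports matches are handled.

```shell
#!/bin/bash
# check_redirects (hypothetical helper): reads iptables-save format on stdin and
# prints one line per nat PREROUTING REDIRECT rule: "<dport> -> <to-port> <verdict>".
# Limits: port ranges (a:b), negated matches and port-less ACCEPT rules are ignored.
check_redirects() {
  awk '
    /^\*/ { table = substr($1, 2); next }        # "*nat" / "*filter" selects the table
    /^#/ || /^:/ || $0 == "COMMIT" { next }      # comments, chain policies, COMMIT
    {
      chain = ""; target = ""; dport = ""; toport = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "-A") chain = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
        if ($i == "--to-port" || $i == "--to-ports") toport = $(i + 1)
      }
      if (table == "nat" && chain == "PREROUTING" && target == "REDIRECT") {
        from[++n] = dport; to[n] = toport
      }
      if (table == "filter" && chain == "INPUT" && target == "ACCEPT" && dport != "") {
        m = split(dport, p, ",")                 # multiport list: 25,80,443,8080
        for (j = 1; j <= m; j++) open[p[j]] = 1
      }
    }
    END {
      for (k = 1; k <= n; k++)
        printf "%s -> %s %s\n", from[k], to[k], (to[k] in open) ? "accepted" : "NOT accepted"
    }'
}

# Constructed sample ruleset (not the poster's file): the second redirect points
# at a port that filter INPUT does not accept.
sample_ruleset() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
#-A PREROUTING -p tcp -m tcp --dport 81 -j REDIRECT --to-ports 8081
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 25,80,443,8080 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | check_redirects
```

On a live system the same function can be fed from `iptables-save` or from /etc/sysconfig/iptables.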