Alexander Farber
2016-Jun-21 14:24 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello Gordon and others

On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:

> On 06/21/2016 02:30 AM, Alexander Farber wrote:
>
>> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
>> --to-ports 8080
>
> I think you have the ports backward, here.

here the problem description again:

I have Jetty running as user "nobody" at the port 8080.

I need to redirect incoming HTTP requests to port 80 to the above port.

(So I don't think I have ports backwards).

Here is my current /etc/sysconfig/iptables:

    *filter
    :INPUT ACCEPT
    :OUTPUT ACCEPT
    :FORWARD ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 25,80,443,8080 -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --state NEW --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
    -A FORWARD -p tcp -m tcp --dst 144.76.184.154 --dport 8080 -j ACCEPT
    COMMIT

    *nat
    :INPUT ACCEPT
    :OUTPUT ACCEPT
    :PREROUTING ACCEPT
    :POSTROUTING ACCEPT
    -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT --to-port 80
    COMMIT

And here is my /etc/sysctl.conf:

    net.ipv4.ip_forward=1
    net.ipv6.conf.all.disable_ipv6=1
    net.ipv6.conf.default.disable_ipv6=1

Unfortunately, the redirect does not work:

When I browse to my site port 8080, I see Jetty.

When I browse to my site port 80, connection is refused.

Here I print the tables:

    # iptables -t filter -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source      destination
    ACCEPT     all  --  anywhere    anywhere      state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere    anywhere
    ACCEPT     icmp --  anywhere    anywhere      icmp any
    ACCEPT     tcp  --  anywhere    anywhere      tcp state NEW multiport dports smtp,http,https,webcache
    ACCEPT     tcp  --  anywhere    anywhere      tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN state NEW limit: avg 2/min burst 1

    Chain FORWARD (policy ACCEPT)
    target     prot opt source      destination
    ACCEPT     tcp  --  anywhere    afarber.de    tcp dpt:webcache

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source      destination

    # iptables -t nat -L
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source      destination
    REDIRECT   tcp  --  anywhere    afarber.de    tcp dpt:webcache redir ports 80

    Chain INPUT (policy ACCEPT)
    target     prot opt source      destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source      destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source      destination

Please help
Alex
John Hodrien
2016-Jun-21 14:34 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On Tue, 21 Jun 2016, Alexander Farber wrote:

> Please help

Are you sure you want this as a PREROUTING rule, and not simply an INPUT rule?

jh
Alexander Dalloz
2016-Jun-21 14:38 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On 2016-06-21 16:24, Alexander Farber wrote:

> Hello Gordon and others

[ ... ]

> here the problem description again:
>
> I have Jetty running as user "nobody" at the port 8080.
>
> I need to redirect incoming HTTP requests to port 80 to the above port.
>
> (So I don't think I have ports backwards).
>
> Here is my current /etc/sysconfig/iptables:
>
> *filter
> :INPUT ACCEPT
> :OUTPUT ACCEPT
> :FORWARD ACCEPT
> -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports
> 25,80,443,8080 -j ACCEPT
> -A INPUT -p tcp -m tcp -m state --state NEW --dport 22 --tcp-flags
> FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
> -A FORWARD -p tcp -m tcp --dst 144.76.184.154 --dport 8080 -j ACCEPT
> COMMIT
>
> *nat
> :INPUT ACCEPT
> :OUTPUT ACCEPT
> :PREROUTING ACCEPT
> :POSTROUTING ACCEPT
> -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT
> --to-port 80

That's not what you want and described above. What you are doing here is redirect traffic to destination address 144.76.184.154 on destination port 8080 to port 80. Instead you want to achieve that traffic destined to port 80 is redirected locally to port 8080 where jetty is listening.

> COMMIT

[ ... ]

> Please help
> Alex

Regards

Alexander
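The port direction discussed in the reply above can be checked mechanically. The following is an added example, not part of any message in the thread: it reads a nat table in the /etc/sysconfig/iptables format and lists each REDIRECT rule as "matched port -> local port". The function names are made up for this example, and the second ruleset is constructed by swapping the two ports of the posted rule.

```shell
#!/bin/sh
# Added example: show which way each REDIRECT rule in a ruleset points.

# nat table as posted in the thread (chain policy lines omitted).
posted_nat() {
cat <<'EOF'
*nat
-A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT --to-port 80
COMMIT
EOF
}

# Constructed for this example: the same rule with the two ports swapped.
swapped_nat() {
cat <<'EOF'
*nat
-A PREROUTING -p tcp --dst 144.76.184.154 --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# Print "<chain> <matched dport> -> <redirect port>" for every REDIRECT
# rule in the nat table of the ruleset read from stdin.
redirect_map() {
    awk '
        /^\*/ { table = substr($1, 2) }          # "*nat" -> "nat"
        table == "nat" && $1 == "-A" {
            dport = ""; to = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-port" || $i == "--to-ports") to = $(i + 1)
            }
            if (target == "REDIRECT") print $2, dport, "->", to
        }
    '
}

# Succeed only if the ruleset on stdin redirects port $1 to port $2.
has_redirect() {
    redirect_map | grep -qx "PREROUTING $1 -> $2"
}

for ruleset in posted_nat swapped_nat; do
    if "$ruleset" | has_redirect 80 8080; then
        echo "$ruleset: port 80 is redirected to 8080"
    else
        echo "$ruleset: no 80 -> 8080 redirect, found: $("$ruleset" | redirect_map)"
    fi
done
```

REDIRECT in nat PREROUTING rewrites the destination port before the filter INPUT chain is evaluated, so the filter table has to accept the port the service listens on (8080 here), which the posted multiport rule already does.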
Always Learning
2016-Jun-21 14:46 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote:

> *nat
> :INPUT ACCEPT
> :OUTPUT ACCEPT
> :PREROUTING ACCEPT
> :POSTROUTING ACCEPT
> -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT
> --to-port 80

http://www.karlrupp.net/en/computer/nat_tutorial

    # IMPORTANT: Activate IP-forwarding in the kernel!
    # Disabled by default!
    $> echo "1" > /proc/sys/net/ipv4/ip_forward
    ~~~~~~~~~~~~~~~

Is that a solution ?

--
Regards,

Paul.
England, EU.

England's place is in the European Union.
Always Learning
2016-Jun-21 14:58 UTC
[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On Tue, 2016-06-21 at 15:46 +0100, Always Learning wrote:

> On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote:
>
> > *nat
> > :INPUT ACCEPT
> > :OUTPUT ACCEPT
> > :PREROUTING ACCEPT
> > :POSTROUTING ACCEPT
> > -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT
> > --to-port 80
>
> http://www.karlrupp.net/en/computer/nat_tutorial
>
> # IMPORTANT: Activate IP-forwarding in the kernel!
>
> # Disabled by default!
> $> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> ~~~~~~~~~~~~~~~
>
> Is that a solution ?

and this ?

    # TCP packets from 192.168.1.2, port 12345 to 12356
    # to 123.123.123.123, Port 22
    # (a backslash indicates continuation at the next line)
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.2 \
    --sport 12345:12356 -d 123.123.123.123 --dport 22 [...]

--
Regards,

Paul.
England, EU.

England's place is in the European Union.