    • cheeyong, Oct 20th 2008
    I am new to IPTables. So please help.
    Following the tutorials in tutorial CentOS setup - page 1:

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT
    iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    iptables -A INPUT -j REJECT
    iptables -A FORWARD -j REJECT

    I opened ports 80 and 443 in my iptables.
    My Tomcat installation is listening at port 8080 and 8443.

    How do I redirect the HTTP requests (port 80) coming in to port 8080?
    And the HTTPS requests (port 443) to port 8443?

    Thanks!
    • deurbroucq, Oct 20th 2008
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

    deurbroucq :)
    • cheeyong, Oct 21st 2008
    Hi deurbroucq

    I tried
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

    However, I could not see the default Tomcat page on port 80.

    If I flush the iptables rules using iptables -F, I am able to see the default Tomcat page on port 8080.

    What am I doing wrong here?

    Thanks!
    • cheeyong, Oct 21st 2008
    This is my printout when I run "iptables -L"; there is no difference before and after I run "iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080":

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:30000
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Please help. Thanks!
    • drobbins, Oct 21st 2008
    Back in your original post, you need to add rules to accept traffic on ports 8080 and 8443. Then add the redirect as deurbroucq suggests.

    Otherwise, the redirect is happening but the "--to-port" is blocked.

    When you flush iptables and add the redirect it works because then there are no restrictions on ports 8080 and 8443.

    At least I think that's what's happening :)
    • cheeyong, Oct 21st 2008
    After commenting out lines one by one to see which line was giving me the trouble, I narrowed it down to this line:

    iptables -A INPUT -j REJECT

    If I do not include this line, I can point my browser at my IP address (port 80) and it is redirected to port 8080, where Tomcat is listening.

    I do not know much about iptables.

    Is there any way to amend this line "iptables -A INPUT -j REJECT" so that I still get a decent firewall on my server?

    Thanks!
    • deurbroucq, Oct 22nd 2008
    Per drobbins, you still need to open port 8080. Try this:

    iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
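The fix above works because REDIRECT rewrites the destination port in the nat PREROUTING hook, before the filter INPUT chain sees the packet, so INPUT must accept the rewritten port. Opening 8080 outright, though, also exposes Tomcat's own port directly. The script below is an added example, not code from this thread: it emits a complete ruleset in iptables-restore format that redirects 80 to 8080 and 443 to 8443 and, using the conntrack match's --ctorigdstport, admits only connections that arrived on 80/443 and were redirected. It assumes the public interface is eth0 and Tomcat listens on 8080/8443 as in the thread, and that the xt_conntrack match (with --ctorigdstport) is available; the function names and the --apply/--show flags are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: Tomcat behind iptables REDIRECT.
# Assumptions: public interface eth0, Tomcat on 8080/8443, conntrack match available.

# Print the full ruleset (nat + filter) in iptables-restore format so it can be
# reviewed before being applied.  "iptables -L" only shows the filter table;
# the REDIRECT rules live in the nat table and need "iptables -t nat -L".
build_ruleset() {
    iface="${1:-eth0}"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the destination port before the filter table sees the packet.
-A PREROUTING -i $iface -p tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i $iface -p tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# After REDIRECT the packet's dport is 8080/8443, so that is what INPUT must match.
# --ctorigdstport limits this to connections that originally arrived on 80/443;
# a client that connects straight to 8080 or 8443 still hits the final REJECT.
-A INPUT -i $iface -p tcp --dport 8080 -m conntrack --ctstate NEW --ctorigdstport 80 -j ACCEPT
-A INPUT -i $iface -p tcp --dport 8443 -m conntrack --ctstate NEW --ctorigdstport 443 -j ACCEPT
-A INPUT -p tcp --dport 30000 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
# Policies stay ACCEPT (as in the thread) so "iptables -F" does not lock you out;
# the explicit REJECT at the end is what closes everything else.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Replace both tables atomically.  Must run as root on the target host.
apply_ruleset() {
    build_ruleset "$1" | iptables-restore
}

# Show what was installed, including the nat table that plain "iptables -L" omits.
show_ruleset() {
    iptables -t nat -L PREROUTING -n -v
    iptables -L INPUT -n -v
}

case "${1:-}" in
    --apply) apply_ruleset "${2:-eth0}" ;;
    --show)  show_ruleset ;;
    *)       build_ruleset "${2:-eth0}" ;;   # default: only print the ruleset
esac
```

Run it with no arguments to review the generated rules, then `sh script.sh --apply eth0` as root to install them and `sh script.sh --show` to confirm the REDIRECT counters increase when a browser hits port 80. Because the 8080/8443 ACCEPT rules require an original destination of 80/443, a direct connection to Tomcat's ports from outside is still rejected, which is the part the simpler "open 8080" fix gives up.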
    • cheeyong, Oct 23rd 2008
    Thank you deurbroucq and drobbins!

    It works after I tried

    iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

    Hello everyone,

    I'm setting up a Proxy and I'm having much trouble with the following iptables rules:

    iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 8080 -j ACCEPT
    iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

    After that I run the "iptables -L" command and only the first 2 rules are accepted:

    target prot opt source destination
    ACCEPT tcp -- anywhere anywhere tcp dpt:www
    ACCEPT tcp -- anywhere anywhere tcp dpt:webcache

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    I would like to know if there is any chance I am doing something wrong; all I want to do is redirect traffic from port 80 to 8080 so my Squid proxy can filter it.

    Thanks in advance
    • ejeffrey, Nov 1st 2008
    I am not sure what you are trying to do exactly.

    Normally the way you would run a proxy/cache for a server is to run squid on port 80 and no iptables trickery is needed. Squid would then be configured to proxy to whatever backend webserver you want.

    Your iptables rules look OK to me.