[CentOS] NAT from eth0:0 port 80 to lo port 8080?
Les Mikesell
lesmikesell at gmail.comSun May 13 22:24:22 UTC 2007
- Previous message: [CentOS] NAT from eth0:0 port 80 to lo port 8080?
- Next message: [CentOS] building cobbler on centos
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jeff Potter wrote: > >> Why do you want to redirect the HTTP traffic to the same box? > > So that jboss can be installed under a "vanilla" user account without > needing any superuser privileges, and so that the box doesn't have to be > configured in any way other than the iptables rule. Running on localhost > (or some 10.x.x.x IP) further removes any chance of direct port 8080 > access (by some other admin accidently messing up a firewall rule). I do it like this where $IP is the interface used by a load balancer front end: /sbin/iptables -t nat -A PREROUTING -d $IP -p tcp --dport 80 -j REDIRECT --to-ports 8080 /sbin/iptables -t nat -A OUTPUT -d $IP -p tcp --dport 80 -j REDIRECT --to-ports 8080 In my case I do want it to answer directly on port 8080 on the interface too because I have a monitoring program that hits a test page there. In retrospect it probably wasn't even worth limiting the original destination interface because these boxes have several and a setup script has to be run on each new box to figure out the $IP in the command - and it wouldn't have hurt to redirect them all. -- Les Mikesell lesmikesell at gmail.com
- Previous message: [CentOS] NAT from eth0:0 port 80 to lo port 8080?
- Next message: [CentOS] building cobbler on centos
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list