[CentOS] NAT from eth0:0 port 80 to lo port 8080?
Les Mikesell
lesmikesell at gmail.com
Sun May 13 22:24:22 UTC 2007
Jeff Potter wrote:
>
>> Why do you want to redirect the HTTP traffic to the same box?
>
> So that jboss can be installed under a "vanilla" user account without
> needing any superuser privileges, and so that the box doesn't have to be
> configured in any way other than the iptables rule. Running on localhost
> (or some 10.x.x.x IP) further removes any chance of direct port 8080
> access (by some other admin accidentally messing up a firewall rule).

I do it like this where $IP is the interface used by a load balancer
front end:

/sbin/iptables -t nat -A PREROUTING -d $IP -p tcp --dport 80 -j REDIRECT --to-ports 8080
/sbin/iptables -t nat -A OUTPUT -d $IP -p tcp --dport 80 -j REDIRECT --to-ports 8080

In my case I do want it to answer directly on port 8080 on the interface
too because I have a monitoring program that hits a test page there. In
retrospect it probably wasn't even worth limiting the original
destination interface because these boxes have several and a setup
script has to be run on each new box to figure out the $IP in the
command - and it wouldn't have hurt to redirect them all.
--
Les Mikesell
lesmikesell at gmail.com
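
The following is an added example, not part of the message above or of any CentOS tooling: it emits the two REDIRECT rules from the message together with filter rules that refuse direct connections to port 8080 from the network, the concern raised in the quoted text. The mark value 0x50, the function names and the APPLY switch are assumptions made for this sketch; it prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the original post. MARK_VALUE and the function
# names are assumptions chosen for this sketch.
MARK_VALUE=0x50

# Accept only a dotted-quad IPv4 address, so nothing else reaches a command line.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# Print the rule set for address $1, one iptables command per line.
# Rules are appended, so an earlier ACCEPT in INPUT would still win.
redirect_rules() {
    ip=$1
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    # 1: mark packets that arrived for port 80 (mangle runs before nat)
    # 2-3: the two REDIRECT rules from the message
    # 4: allow loopback, which carries locally generated redirected traffic
    # 5-6: allow marked (redirected) packets on 8080, drop direct connections
    cat <<EOF
/sbin/iptables -t mangle -A PREROUTING -d $ip -p tcp --dport 80 -j MARK --set-mark $MARK_VALUE
/sbin/iptables -t nat -A PREROUTING -d $ip -p tcp --dport 80 -j REDIRECT --to-ports 8080
/sbin/iptables -t nat -A OUTPUT -d $ip -p tcp --dport 80 -j REDIRECT --to-ports 8080
/sbin/iptables -A INPUT -i lo -p tcp --dport 8080 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8080 -m mark --mark $MARK_VALUE -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 8080 -j DROP
EOF
}

# Dry run by default: print the commands. APPLY=1 runs them (needs root).
apply_rules() {
    rules=$(redirect_rules "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}

if [ $# -gt 0 ]; then apply_rules "$1"; fi
```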