[CentOS] Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Alexander Farber
alexander.farber at gmail.com
Tue Jun 21 14:24:49 UTC 2016
Hello Gordon and others
On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com>
wrote:
> On 06/21/2016 02:30 AM, Alexander Farber wrote:
>
>> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT --to-ports 8080
>>
>
>
> I think you have the ports backward, here.
>
Here is the problem description again:
I have Jetty running as user "nobody" at the port 8080.
I need to redirect incoming HTTP requests to port 80 to the above port.
(So I don't think I have ports backwards).
Here is my current /etc/sysconfig/iptables:
*filter
:INPUT ACCEPT
:OUTPUT ACCEPT
:FORWARD ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW -m multiport --dports 25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m tcp -m state --state NEW --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
-A FORWARD -p tcp -m tcp --dst 144.76.184.154 --dport 8080 -j ACCEPT
COMMIT
*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
-A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT --to-port 80
COMMIT
And here is my /etc/sysctl.conf:
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
Unfortunately, the redirect does not work:
When I browse to my site port 8080, I see Jetty.
When I browse to my site port 80, connection is refused.
Here I print the tables:
# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT tcp -- anywhere anywhere tcp state NEW multiport dports smtp,http,https,webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN state NEW limit: avg 2/min burst 1
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere afarber.de tcp dpt:webcache
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere afarber.de tcp dpt:webcache redir ports 80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Please help
Alex
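
Added example, not part of the original message: a small check that reads a ruleset in iptables-save format and reports whether a nat PREROUTING REDIRECT rule matches the public port in --dport and sends it to the service port, flagging a rule written the other way round. The two sample rulesets are constructed for illustration (modelled on the nat table above, with a documentation address), and the function names are hypothetical.

```python
import shlex

# Constructed samples in iptables-save format (192.0.2.10 is a documentation address).
AS_POSTED = """*nat
:PREROUTING ACCEPT
-A PREROUTING -p tcp --dst 192.0.2.10 --dport 8080 -j REDIRECT --to-port 80
COMMIT
"""
INTENDED = """*nat
:PREROUTING ACCEPT
-A PREROUTING -p tcp --dst 192.0.2.10 --dport 80 -j REDIRECT --to-ports 8080
COMMIT
"""

def _opt(tokens, *names):
    """Value following the first of the given option names, or None."""
    return next((tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in names), None)

def redirect_rules(ruleset):
    """Yield (table, chain, matched_dport, redirect_port) for each REDIRECT rule."""
    table = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:]
        elif line.startswith("-A "):      # appended rule: "-A CHAIN ..."
            tok = shlex.split(line)
            if _opt(tok, "-j", "--jump") == "REDIRECT":
                yield (table, tok[1],
                       _opt(tok, "--dport", "--destination-port"),
                       _opt(tok, "--to-ports", "--to-port"))  # both spellings appear in the thread

def check_redirect(ruleset, public_port, service_port):
    """Return (ok, notes); ok means a nat PREROUTING rule sends public_port to service_port."""
    pub, svc, ok, notes = str(public_port), str(service_port), False, []
    for table, chain, dport, to in redirect_rules(ruleset):
        if (table, chain) != ("nat", "PREROUTING"):
            continue
        if (dport, to) == (pub, svc):
            ok = True
        elif (dport, to) == (svc, pub):
            notes.append(f"reversed: matches dport {svc}, redirects to {pub}")
    if not ok:
        notes.append(f"no rule sends port {pub} to {svc}")
    return ok, notes

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("intended", INTENDED)):
        print(name, check_redirect(rules, 80, 8080))
```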