iptables port forwarding
I posted a comment suggesting to set tomcat to listen on 80 or to use apache/nginx as a reverse proxy, which is what I think you should really be doing. But for posterity I will also answer your iptables question.
The problem is that what you're doing isn't DNAT, it's port redirection. Instead of -j DNAT you need -j REDIRECT.
E.g.:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
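An added audit check, not part of the original thread: it parses an iptables-save style dump and reports INPUT ACCEPT rules that let clients on the external interface reach the backend port directly rather than through the port-80 redirect. Both dumps are constructed from the rules in this thread (x.x.x.x is the placeholder from the question); the hardened variant's `-m conntrack --ctorigdstport 80` qualifier is my assumption of a safe rule shape, not something the answer above proposes.

```python
import shlex

# Constructed: the original poster's DNAT rule set as iptables-save would print it.
EXPOSED_RULES = """
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.x.x:8080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

# Constructed hardened variant: REDIRECT, plus an INPUT rule that accepts port 8080
# only for connections whose original destination port (before NAT) was 80.
HARDENED_RULES = """
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m conntrack --ctstate NEW --ctorigdstport 80 -m tcp --dport 8080 -j ACCEPT
COMMIT
"""

def parse_rules(text):
    """Yield (table, tokens) for every -A line of an iptables-save dump."""
    table = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            yield table, shlex.split(line)

def _opt(tokens, name):
    """Value following a long/short option, or None if the option is absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None

def directly_exposed(text, iface, backend_port, public_port):
    """Return filter/INPUT ACCEPT rules reaching backend_port from iface (or any
    interface) that are not restricted to traffic originally sent to public_port.
    Assumes single --dport matches (no multiport)."""
    hits = []
    for table, t in parse_rules(text):
        if table != "filter" or t[1] != "INPUT" or _opt(t, "-j") != "ACCEPT":
            continue
        if _opt(t, "-i") not in (None, iface) or _opt(t, "--dport") != str(backend_port):
            continue
        if _opt(t, "--ctorigdstport") == str(public_port):
            continue  # only redirected port-80 connections can match this rule
        hits.append(" ".join(t))
    return hits
```

Run it against `iptables-save` output on the host itself to confirm that nothing but the redirected traffic can reach 8080 from eth0.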
Question (ManiP, updated on September 18, 2022):
I have a CentOS server with Java/J2EE(Tomcat) installed on TCP port 8080. I have two interfaces, eth0 and lo.
I need to forward all incoming connection on TCP port 80 to 8080.
I tried doing the following which works:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to x.x.x.x:8080
iptables -A INPUT -p tcp -m state --state NEW --dport 8080 -i eth0 -j ACCEPT
where x.x.x.x is the ip associated to the eth0 interface.
This appears to also open port 8080 to the outside world, which I don't want to do. I only want port 80 exposed to the outside world, forwarding all traffic to 8080.
Any help would be appreciated.
Update: The iptables -L output looks like below
[root@server admin]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere             state NEW tcp dpt:http

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server admin]#
iptables -t nat --list looks like below
[root@server admin]# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:x.x.x.x:8080

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server admin]#
Comments:
- Admin (almost 10 years ago): Why not configure tomcat to listen on port 80? Or use apache/nginx as a reverse proxy?
- ManiP (over 10 years ago): Sorry, your solution doesn't work. Would any more information help you provide me a better answer?
- Ludwig Schulze (over 10 years ago): Did you clear your iptables before adding the rule? sudo iptables -F ?
- Ludwig Schulze (over 10 years ago): Could you edit the question and add what sudo iptables -L looks like?