port _redirection_ within single machine
Hi all,
I'm a newbie in firewall building and iptables; I've started to read the
documentation recently, but no answer found yet for a problem on port
redirecting. Help me pls.
My computer is running tomcat on 8080, no web server there. Tomcat is
running as a separate user (tomcat).
I would like to have all requests to port 80 (nothing there) being
redirected to 8080 (tomcat waiting) _within_ the same machine.
I think I have the possibility of starting tomcat as the root user,
gain control over privileged port 80 and then drop privileges and
continue running as the unprivileged user (tomcat). (Am I right? I'm
using 'start-stop-daemon' and from the man page I'm not sure I can do
this -- it seems it drops privileges _before_ starting the process --
anyway, this solution is satisfying, but not ideal.)
So far so good.
The problem is that users have already got accustomed to the port 8080;
so I want to keep tomcat running on 8080 and for any new users I want
port 80 being redirected from port 80 to 8080 transparently.
I created this rule for port redirection, but it does not do what I
expect. Any solutions or suggestions why? (Googling always ends with
port forwarding / masquerading issues (targets SNAT and DNAT, not
REDIRECT).)
iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 \
-p tcp --dport 80 -j REDIRECT --to-ports 8080
Maybe a clue?
I'm browsing kernel documentation now -- maybe
option CONFIG_IP_NF_NAT_LOCAL is the answer (all my testing _must_ be
done locally -- computer is not connected to network now)?
Thx for any help.
martin.
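
The following is an added example, not part of the original post: connections opened on the machine itself traverse the nat OUTPUT chain rather than PREROUTING, so a local test of the 80 -> 8080 redirect needs a rule in each chain. The function names and the APPLY switch are hypothetical; the ports are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post): build the nat-table rules that
# redirect TCP port 80 to the tomcat listener on 8080.
# Assumptions: function names and the APPLY switch are hypothetical.

FROM_PORT=80   # port new users will type (from the post)
TO_PORT=8080   # port tomcat already listens on (from the post)

# Connections arriving from other hosts pass through nat PREROUTING.
remote_rule() {
    echo "iptables -t nat -A PREROUTING -p tcp --dport $FROM_PORT -j REDIRECT --to-ports $TO_PORT"
}

# Connections generated on this machine (a browser on the box itself) pass
# through nat OUTPUT instead. "-o lo" limits the rule to traffic that stays on
# the machine; without it, outbound requests to remote web servers on port 80
# would be redirected to the local tomcat as well.
# On kernels that still have the CONFIG_IP_NF_NAT_LOCAL option named in the
# post, destination NAT in this chain depends on that option being enabled.
local_rule() {
    echo "iptables -t nat -A OUTPUT -o lo -p tcp --dport $FROM_PORT -j REDIRECT --to-ports $TO_PORT"
}

# Dry run by default: print the rules. With APPLY=1 (as root) install them.
apply_rules() {
    for rule in "$(remote_rule)" "$(local_rule)"; do
        if [ "${APPLY:-0}" = "1" ]; then
            $rule || return 1
        else
            echo "$rule"
        fi
    done
}

apply_rules
```

Because 8080 is an unprivileged port, any local user can bind it while tomcat is down and would then receive the redirected port-80 traffic.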