port _redirection_ within single machine



Hi all,

I'm a newbie in firewall building and iptables; I've started to read the
documentation recently, but have found no answer yet for a problem with
port redirecting. Help me pls.

My computer is running tomcat on 8080, no web server there. tomcat is
running as a separate user (tomcat).

I would like to have all requests to port 80 (nothing there) being
redirected to 8080 (tomcat waiting) _within_ the same machine.

I think I have the possibility of starting tomcat as the root user,
gaining control over privileged port 80 and then dropping privileges and
continuing to run as the unprivileged user (tomcat). (Am I right? I'm
using 'start-stop-daemon' and from the man page I'm not sure I can do
this -- it seems it drops privileges _before_ starting the process --
anyway, this solution is satisfying, but not ideal.)

so far so good.

The problem is that users have already got accustomed to port 8080;
so I want to keep tomcat running on 8080 and for any new users I want
port 80 being redirected from port 80 to 8080 transparently.

I created this rule for port redirection, but it does not do what I
expect. Any solutions or suggestions why? (Googling always ends with
port forwarding / masquerading issues (targets SNAT and DNAT, not
REDIRECT).)

iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 \
-p tcp --dport 80 -j REDIRECT --to-ports 8080

maybe a clue?

I'm browsing kernel documentation now -- maybe
option CONFIG_IP_NF_NAT_LOCAL is the answer (all my testing _must_ be
done locally -- the computer is not connected to a network now)?

thx for any help.

martin.
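
Added example, not part of the original message: the rule quoted above sits in the nat PREROUTING chain, which packets generated on the machine itself never traverse, so a purely local test against 127.0.0.1 cannot match it. The script below covers both the remote and the local path for the post's ports 80 and 8080; the function names and the show/apply switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Ports 80 and 8080 are the
# ones named in the post; function names and modes are hypothetical.
FROM_PORT=80
TO_PORT=8080

# Print the nat-table rule specs, one per line (chain name first).
redirect_rules() {
    # Connections arriving from other hosts enter through PREROUTING.
    echo "PREROUTING -p tcp --dport $FROM_PORT -j REDIRECT --to-ports $TO_PORT"
    # Connections opened on this machine skip PREROUTING; they pass the
    # nat OUTPUT chain. "-o lo" limits the rule to traffic addressed to
    # the machine itself, so outbound web requests are left alone.
    echo "OUTPUT -o lo -p tcp --dport $FROM_PORT -j REDIRECT --to-ports $TO_PORT"
}

# Install each rule once: -C tests whether it already exists, -A appends.
apply_rules() {
    redirect_rules | while read -r chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments.
        iptables -t nat -C "$chain" $spec 2>/dev/null ||
            iptables -t nat -A "$chain" $spec
    done
}

# Default is a dry run that only prints the commands; "apply" needs root.
case "${1:-show}" in
    apply) apply_rules ;;
    *)     redirect_rules | sed 's/^/iptables -t nat -A /' ;;
esac
```

On kernels that carry the CONFIG_IP_NF_NAT_LOCAL option, the OUTPUT rule depends on it being enabled. Filter rules on INPUT see these connections with destination port 8080, because the nat rewrite happens before filtering.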


