Re: port _redirection_ within single machine
Use "targets SNAT and DNAT, not REDIRECT". Also try something that
matches, use '-vL' to see what is going on.
# iptables -t nat -I PREROUTING <SKIP?: --src <REPLACE:192.168.0.0/24>> \
    --dst <REPLACE:192.168.0.50> -p tcp --dport 80 -j DNAT \
    --to-destination <REPLACE:192.168.0.50>:8080
--- Martin Slouf <xslom03@vse.cz> wrote:
> Hi all,
>
> I'm a newbie in firewall building and iptables; I've started to read the
> documentation recently, but no answer found yet for a problem on a port
> redirecting. Help me pls.
>
> My computer is running tomcat on 8080, no web server there. tomcat is
> running as a separate user (tomcat).
>
> I would like to have all requests to port 80 (nothing there) being
> redirected to 8080 (tomcat waiting) _within_ the same machine.
>
> I think I have the possibility of starting tomcat as the root user,
> gain control over privileged port 80 and then drop privileges and
> continue running as the unprivileged user (tomcat). (Am I right? I'm
> using 'start-stop-daemon' and from the man page I'm not sure I can do
> this -- it seems it drops privileges _before_ starting the process --
> anyway, this solution is satisfying, but not ideal.)
>
> so far so good.
>
> The problem is that users have already got accustomed to the port 8080;
> so I want to keep tomcat running on 8080 and for any new users I want
> port 80 being redirected from port 80 to 8080 transparently.
>
> I created this rule for port redirection, but it does not do what I
> expect. Any solutions or suggestions why? (Googling always ends with
> port forwarding / masquerading issues (targets SNAT and DNAT, not
> REDIRECT).)
>
> iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 \
> -p tcp --dport 80 -j REDIRECT --to-ports 8080
>
> maybe a clue?
>
> I'm browsing kernel documentation now -- maybe
> option CONFIG_IP_NF_NAT_LOCAL is the answer (all my testing _must_ be
> done locally -- computer is not connected to network now)?
>
> thx for any help.
>
> martin.
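The redirect discussed in this thread, as an added example that is not part of either message: connections opened on the machine itself are NATed in the nat table's OUTPUT chain rather than PREROUTING, so the sketch prints one rule per path and then reads the per-rule packet counters from an `iptables -t nat -vnxL` listing to show which rule is actually matching. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Ports 80/8080 are the thread's;
# function names and the sample listing are constructed.

# Print (not run) REDIRECT rules for both paths a connection can take.
redirect_rules() {
    from=$1; to=$2
    for p in "$from" "$to"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Connections from other hosts enter through nat/PREROUTING.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $from -j REDIRECT --to-ports $to"
    # Connections opened on this machine are NATed in nat/OUTPUT instead;
    # traffic to any local address leaves via lo.
    echo "iptables -t nat -A OUTPUT -o lo -p tcp --dport $from -j REDIRECT --to-ports $to"
}

# Read `iptables -t nat -vnxL` output on stdin and sum the pkts column per
# chain for rules matching the given destination port (-x: exact counters).
hits_by_chain() {
    awk -v port="$1" '
        $1 == "Chain" { chain = $2; next }
        $0 ~ ("dpt:" port "( |$)") { hits[chain] += $1 }
        END { for (c in hits) print c, hits[c] }' | sort
}

# Constructed listing: the thread's PREROUTING rule plus an OUTPUT rule,
# after three local connections to port 80.
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 8080

Chain OUTPUT (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3      180 REDIRECT   tcp  --  *      lo      0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
EOF
}

redirect_rules 80 8080
sample_listing | hits_by_chain 80
```

On a live host, feed `hits_by_chain` from `iptables -t nat -vnxL` run as root; a rule whose counter stays at zero while you test is not on the path your packets take.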