
Re: port _redirection_ within single machine



Use "targets SNAT and DNAT, not REDIRECT".  Also try something that
matches, use '-vL' to see what is going on.

# iptables -t nat -I PREROUTING <SKIP?: --src <REPLACE:192.168.0.0/24>>
--dst <REPLACE:192.168.0.50> -p tcp --dport 80 -j DNAT --to-destination
<REPLACE:192.168.0.50>:8080

--- Martin Slouf <xslom03@vse.cz> wrote:

> Hi all,
> 
> im newbie in firewall building and iptables; ive started to read the
> documentation recently, but no answer found yet for a problem on a port
> redirecting. help me pls.
> 
> My computer is running tomcat on 8080, no web server there. tomcat is
> running as a separate user (tomcat).
> 
> I would like to have all requests to port 80 (nothing there) being
> redirected to 8080 (tomcat waiting) _within_ the same machine.
> 
> I think i have the possibility of starting tomcat as the root user,
> gain control over privileged port 80 and then drop privileges and
> continue running as the unprivileged user (tomcat). (am i right? im
> using 'start-stop-daemon' and from the man page im not sure i can do
> this -- it seems it drops privileges _before_ starting the process --
> anyway, this solution is satisfying, but not ideal.)
> 
> so far so good.
> 
> The problem is that users have already got accustomed to the port 8080;
> so i want to keep tomcat running on 8080 and for any new users i want
> port 80 being redirected from port 80 to 8080 transparently.
> 
> i created this rule for port redirection, but it does not do what i
> expect. any solutions or suggestions why? (googling always ends with
> port forwarding / masquerading issues (targets SNAT and DNAT, not
> REDIRECT).)
> 
> iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 \
> -p tcp --dport 80 -j REDIRECT --to-ports 8080
> 
> maybe a clue?
> 
> im browsing kernel documentation now -- maybe
> option CONFIG_IP_NF_NAT_LOCAL is the answer (all my testing _must_ be
> done locally -- computer is not connected to network now)?
> 
> thx for any help.
> 
> martin.
> 
> 
> 
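An added example, not part of either message: a dry-run shell helper that prints the reply's PREROUTING DNAT rule together with a nat OUTPUT rule, since packets generated on the machine itself (the local-only testing described in the question) traverse the nat OUTPUT chain and never reach PREROUTING. The function names are hypothetical, the OUTPUT rule is an addition not taken from the thread, and 192.168.0.50 is the reply's placeholder address.

```shell
#!/bin/sh
# Dry run only: the rules are printed, not applied.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # Reject anything that is not digits and single dots before splitting.
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# redirect_rules ADDR FROM_PORT TO_PORT
redirect_rules() {
    addr=$1 from=$2 to=$3
    valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    valid_port "$from" && valid_port "$to" || { echo "bad port" >&2; return 1; }

    # Remote clients: packets arriving from the network hit nat PREROUTING
    # (this is the rule from the reply, without the optional --src match).
    echo "iptables -t nat -I PREROUTING --dst $addr -p tcp --dport $from -j DNAT --to-destination $addr:$to"

    # Local clients: connections opened on the box itself leave via 'lo'
    # and are only seen by nat OUTPUT, so they need their own rule.
    echo "iptables -t nat -I OUTPUT -o lo -p tcp --dport $from -j REDIRECT --to-ports $to"

    # Per-rule packet counters show which rule actually matches.
    echo "iptables -t nat -vL"
}

# Constructed sample values: tomcat on 8080, clients connecting to port 80.
redirect_rules 192.168.0.50 80 8080
```

Review the printed commands, then run them as root; after a test connection to port 80, the counters in the `-vL` listing show whether the PREROUTING or the OUTPUT rule was hit.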



		


