Saturday, May 3, 2008

Port forwarding in Linux

In Linux (and most other *nix systems), ports 1-1024 are called “privileged ports”: only processes running as root can listen and serve on them.

It is not a good idea to run a web server like Apache as root. Also, many Java web servers such as Tomcat and application servers like JBoss and Glassfish listen on port 8080 by default.

I suggest running the various web servers on non-privileged ports (higher than 1024) as a non-root user, especially Java web servers.

It is assumed that your web server listens for HTTP traffic on port 8080 and that port 8443 is used for SSL-protected (HTTPS) traffic.

This is how you forward all traffic arriving on external port 80 to port 8080 and all traffic arriving on port 443 to 8443:

# nat table, PREROUTING chain: rewrite the destination port of incoming packets
# before they are routed. HTTP and HTTPS run over TCP; the UDP rules are
# harmless but not needed for a web server.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 8443

Save the commands above to a text file, for example “my_portforward”, and load them into iptables by running (as root):

source my_portforward

You should now have a working port forward from port 80 to port 8080 and from port 443 to 8443. If a web server process is listening on port 8080, you should see its page in your favorite browser by pointing it at your web server.

Notice that the nat rules do not show up in the output of the plain command below, because it lists only the filter table:

iptables -L

The easiest way to confirm that the redirect rules were really loaded is to run:

iptables-save | grep PREROUTING
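
As an added example (not part of the original post), the script below loads the same two redirects idempotently and checks the result by parsing iptables-save output. It assumes an iptables that supports the -C check flag and the REDIRECT target; it also adds an OUTPUT-chain rule so that connections made from the host itself are redirected too, and the sample dump it checks against is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: loads the 80->8080 and
# 443->8443 redirects idempotently and verifies them from iptables-save output.
# Assumes iptables with the nat table, the REDIRECT target and the -C check
# flag; the "apply" part must run as root.

# Rule specification shared by the loader and the checker: $1 = external
# port, $2 = unprivileged port the web server really listens on.
rule_spec() {
    echo "-p tcp -m tcp --dport $1 -j REDIRECT --to-ports $2"
}

# Append a nat rule only if an identical one is not already present, so the
# script can be re-run (for example from if-up.d) without duplicating rules.
add_nat_rule() {
    chain=$1; shift
    iptables -t nat -C "$chain" "$@" 2>/dev/null || iptables -t nat -A "$chain" "$@"
}

# PREROUTING only sees packets arriving from the network; connections made on
# the host itself (curl http://localhost/) pass through OUTPUT instead, so
# both chains get the rule.
redirect_port() {
    add_nat_rule PREROUTING $(rule_spec "$1" "$2")   # word splitting intended
    add_nat_rule OUTPUT -o lo $(rule_spec "$1" "$2")
}

# Succeed if the iptables-save dump on stdin contains the PREROUTING redirect
# for $1 -> $2 (fixed-string match on the exact rule line).
has_redirect() {
    grep -qF -- "-A PREROUTING $(rule_spec "$1" "$2")"
}

# Constructed sample of iptables-save output, used for offline checking.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT'

# Usage: sh portforward.sh apply   (without "apply" only the functions are defined)
if [ "${1:-}" = "apply" ]; then
    redirect_port 80 8080
    redirect_port 443 8443
    for pair in "80 8080" "443 8443"; do
        iptables-save | has_redirect $pair && echo "redirect $pair loaded"
    done
fi
```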

The iptables-save command is also what you need to make your firewall start automatically when the computer boots.

How to make the firewall start at boot

First, create the /etc/iptables folder and save your currently active firewall rules there:

mkdir /etc/iptables
iptables-save > /etc/iptables/firewall

Then create a script that loads your firewall rules and save it as
/etc/network/if-up.d/firewall

#!/bin/sh
# Reload the saved rules (filter and nat tables) whenever an interface comes up.
iptables-restore < /etc/iptables/firewall

And make sure the script's permissions allow running it (as root or with sudo):

chmod 700 /etc/network/if-up.d/firewall

Copy from: http://www.2nrds.com/port-forwarding-in-linux

3 comments:

Anonymous said...

Hi, it's a good article concerning media print; we are all familiar with media being
an impressive source of information.

my blog Juegos Online

Anonymous said...

I don't even know how I finished up here, however I believed this post used to be good. I do not recognise who you are but certainly you are going to be a well-known blogger if you are not already. Cheers!

Visit my blog post jocuri online rpg strategie

Anonymous said...

Fantastic site. A lot of useful information here. I am sending it to a few buddies and also sharing
it on delicious. And of course, thank you for your sweat!

Visit my blog: aripiprazole no rx