  • have been tested under Ubuntu Linux 9.10 (krazy kitten), Fedora 12 and 14, and CentOS 6.03
  • assume you are running Tomcat on port 8080. To redirect the HTTPS (HTTP over SSL) port as well, also run the 3 additional iptables commands (assuming port 443) below.
  • require root privileges
  • assume the Bourne shell (/bin/sh)


  1. To check what rules are currently loaded:
     iptables -t nat -n -L
  2. Discover your machine's primary IP address and set the ADDR shell variable. (Note that this assumes eth0 is your primary network interface; use ifconfig -a to see them all.)
     ADDR=`ifconfig eth0 | perl -ne 'print "$1\n" if m/\sinet addr\:(\d+\.\d+\.\d+\.\d+)\s/;'`
  3. Run these iptables commands to redirect all port 80 requests to port 8080:
     iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
     iptables -t nat -A OUTPUT -d $ADDR -p tcp --dport 80 -j REDIRECT --to-ports 8080
     iptables -t nat -A PREROUTING -d $ADDR -p tcp --dport 80 -j REDIRECT --to-ports 8080
  4. (If using SSL) Run these iptables commands to redirect all port 443 requests to port 8443:
     iptables -t nat -A OUTPUT -d localhost -p tcp --dport 443 -j REDIRECT --to-ports 8443
     iptables -t nat -A OUTPUT -d $ADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
     iptables -t nat -A PREROUTING -d $ADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
  5. Check that your new rules are loaded (use the command from step 1).
  6. Additional configuration
    1. Ubuntu
      1. Save the rules in the canonical place so they can be reloaded on boot:
         iptables-save > /etc/iptables.rules
      2. Create a script, run by the network startup infrastructure, that reloads the iptables rules whenever the network is brought up:
         cat << EOF > /etc/network/if-pre-up.d/iptablesload
         #!/bin/sh
         iptables-restore < /etc/iptables.rules
         exit 0
         EOF
    2. Fedora
      1. Save the rules to be reloaded on boot:
        1. The cleaner/preferable method, but apparently not working (note that iptables-save only prints the current rules to standard output; it does not persist them by itself):
           /sbin/iptables-save
        2. Hacky, but works: manually edit /etc/sysconfig/iptables
      2. Update the startup settings so iptables will run upon reboot:
         chkconfig --level 35 iptables on
  7. Test by accessing your server both locally and remotely via the port-80 URL. Then reboot the machine and try again to be sure the iptables rules are restored correctly on boot.
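The procedure above is applied by hand, and step 7 relies on a browser test to confirm the rules survived a reboot. The following shell script is an added example (not code from the original page) that does the same checks without root: it derives the primary address from `ip -4 addr show` output (the modern replacement for the ifconfig/perl one-liner), generates the three REDIRECT rules for any port pair, and compares them against a rule listing in the format `iptables -t nat -S` produces, reporting which rules are missing. The interface text and the rule listing embedded below are constructed samples so the script runs anywhere; on a real host, replace them with `$(ip -4 addr show eth0)` and `$(iptables -t nat -S)`. The address 192.0.2.10 is a documentation address used only as an example.

```shell
#!/bin/sh
# Added example: generate and verify Tomcat port-redirect rules without root.
# Assumptions (not from the original page): listings are passed in as text,
# so the checks can run on any machine; `iptables -t nat -S` shows the
# original "-d localhost" as "-d 127.0.0.1/32".

# Extract the first IPv4 address from `ip -4 addr show DEV` output.
primary_addr_from_text() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*inet \([0-9.]*\)\/.*/\1/p' | head -n 1
}

# Print the three rules from steps 3/4 for one port pair (ADDR FROM TO).
redirect_rules() {
    addr=$1; from=$2; to=$3
    cat <<EOF
iptables -t nat -A OUTPUT -d 127.0.0.1 -p tcp --dport $from -j REDIRECT --to-ports $to
iptables -t nat -A OUTPUT -d $addr -p tcp --dport $from -j REDIRECT --to-ports $to
iptables -t nat -A PREROUTING -d $addr -p tcp --dport $from -j REDIRECT --to-ports $to
EOF
}

# Return 0 if LISTING (text of `iptables -t nat -S`) contains the REDIRECT
# for CHAIN / DEST / FROM_PORT -> TO_PORT, 1 otherwise.
rule_present() {
    listing=$1; chain=$2; dest=$3; from=$4; to=$5
    printf '%s\n' "$listing" | grep -q -- \
        "^-A $chain -d $dest/32 -p tcp -m tcp --dport $from -j REDIRECT --to-ports $to\$"
}

# Print every expected rule that is absent from LISTING; exit 0 only if all
# three are present. Run this after a reboot instead of trusting step 7 alone.
check_redirect() {
    listing=$1; addr=$2; from=$3; to=$4
    missing=0
    for chain_dest in "OUTPUT 127.0.0.1" "OUTPUT $addr" "PREROUTING $addr"; do
        set -- $chain_dest
        if ! rule_present "$listing" "$1" "$2" "$from" "$to"; then
            echo "missing: -A $1 -d $2 --dport $from -> $to"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample of `ip -4 addr show eth0`.
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
       valid_lft forever preferred_lft forever'

# Constructed sample of `iptables -t nat -S` on a host where only the
# PREROUTING rule survived (e.g. the saved rules were incomplete).
SAMPLE_LISTING='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

# Demonstration: prints the two OUTPUT rules that are missing from the sample.
check_redirect "$SAMPLE_LISTING" "$(primary_addr_from_text "$SAMPLE_IP_ADDR")" 80 8080 || true
```

The check is deliberately bound to one address, exactly as the original rules are: a host with additional addresses or interfaces is only redirected for traffic sent to $ADDR, so any extra address needs its own pair of OUTPUT and PREROUTING rules and its own check.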
