...
- have been tested under Ubuntu Linux 9.10 (krazy kitten), Fedora 12 and 14, and CentOS 6.03
- assume you are running Tomcat on port 8080. To redirect the HTTPS (HTTP over SSL) port as well, also run the 3 additional iptables commands (assuming port 443) given below.
- require root privileges
- assume the Bourne shell (/bin/sh)
- To check what rules are currently loaded:

    iptables -t nat -n -L
- Discover your machine's primary IP address and set the ADDR shell variable. (This assumes eth0 is your primary network interface; use ifconfig -a to see them all.)

    ADDR=`ifconfig eth0 | perl -ne 'print "$1\n" if m/\sinet addr\:(\d+\.\d+\.\d+\.\d+)\s/;'`

  Check the result with echo $ADDR before continuing: if it is empty, the -d $ADDR rules below will not be created correctly.
- Run these iptables commands to redirect all port 80 requests to port 8080 (the two OUTPUT rules cover connections made from the machine itself, the PREROUTING rule covers connections arriving from other hosts):

    iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j REDIRECT --to-ports 8080
    iptables -t nat -A OUTPUT -d $ADDR -p tcp --dport 80 -j REDIRECT --to-ports 8080
    iptables -t nat -A PREROUTING -d $ADDR -p tcp --dport 80 -j REDIRECT --to-ports 8080
- (If using SSL) Run these iptables commands to redirect all port 443 requests to port 8443:

    iptables -t nat -A OUTPUT -d localhost -p tcp --dport 443 -j REDIRECT --to-ports 8443
    iptables -t nat -A OUTPUT -d $ADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
    iptables -t nat -A PREROUTING -d $ADDR -p tcp --dport 443 -j REDIRECT --to-ports 8443
- Check that your new rules are loaded (use the iptables -t nat -n -L command above; the REDIRECT entries should appear in the OUTPUT and PREROUTING chains).
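As an added example (not code from the original page), a /bin/sh script covering the steps above: primary_addr() extracts the interface address from ifconfig output in both the old "inet addr:" form that the perl one-liner expects and the newer "inet " form, and redirect_rules() prints the three redirect rules, each guarded by iptables -C so running the output twice never appends duplicate rules. The ifconfig text is a constructed sample and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original page: helpers for the port-redirect
# procedure. Nothing here changes firewall state; the rules are only printed.

# primary_addr IFACE: read ifconfig output on stdin, print IFACE's IPv4 address.
# Handles old "inet addr:X" and new "inet X" output. Real use: ifconfig -a | primary_addr eth0
primary_addr() {
    awk -v want="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # interface header line
        cur == want && $1 == "inet" {
            ip = $2; sub(/^addr:/, "", ip)           # strip old-style "addr:"
            print ip; exit
        }'
}

# redirect_rules ADDR FROM TO: print guarded iptables commands that redirect
# TCP port FROM to port TO for local (OUTPUT) and remote (PREROUTING) traffic.
# "iptables -C" checks whether the rule exists; -A only runs when it does not.
redirect_rules() {
    addr=$1; from=$2; to=$3
    for chain_dst in "OUTPUT localhost" "OUTPUT $addr" "PREROUTING $addr"; do
        set -- $chain_dst                            # $1 = chain, $2 = -d target
        spec="-d $2 -p tcp --dport $from -j REDIRECT --to-ports $to"
        printf 'iptables -t nat -C %s %s 2>/dev/null || iptables -t nat -A %s %s\n' \
            "$1" "$spec" "$1" "$spec"
    done
}

# Constructed sample of old-style ifconfig output (not captured from a real host).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::211:22ff:fe33:4455/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'

ADDR=$(printf '%s\n' "$SAMPLE_IFCONFIG" | primary_addr eth0)
echo "# ADDR=$ADDR"
redirect_rules "$ADDR" 80 8080     # printed only; pipe into sh as root to apply
redirect_rules "$ADDR" 443 8443
```

Because each printed line is idempotent, the same output can safely be re-applied from a boot-time script without accumulating duplicate REDIRECT rules.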
- Additional configuration
- Ubuntu
- Save the rules in the canonical place to be reloaded on boot:

    iptables-save > /etc/iptables.rules

- Create a script to be run by the network startup infrastructure that reloads the iptables rules whenever the network is brought up:

    cat << EOF > /etc/network/if-pre-up.d/iptablesload
    #!/bin/sh
    iptables-restore < /etc/iptables.rules
    exit 0
    EOF
    # run-parts only executes files with the execute bit set
    chmod +x /etc/network/if-pre-up.d/iptablesload
- Fedora
- Save the rules to be reloaded on boot:
- The cleaner/preferable method, but apparently not working:

    /sbin/iptables-save

  (Note that iptables-save by itself only prints the current rules to standard output; nothing is written to disk unless its output is redirected.)
- Hacky, but works: manually edit /etc/sysconfig/iptables
- Update the startup settings so the iptables service runs on reboot (runlevels 3 and 5):

    chkconfig --level 35 iptables on
- Test by accessing your server both locally and remotely via the port-80 URL. Then reboot the machine and try it again to be sure the iptables rules are restored correctly on boot.
...