Redirect local, not internal, requests using SuSEfirewall2 or an iptables rule
Posted
by
James
on Server Fault
See other posts from Server Fault
or by James
Published on 2012-03-16T21:34:02Z
Indexed on
2012/03/19
10:08 UTC
Read the original article
Hit count: 360
I have a server that is running a web application deployed on Tomcat and is sitting in a test network. We're running SuSE 11 sp1 and have some redirection rules for incoming requests. For example we don't bind port 80 in Tomcat's server.xml file, instead we listen on port 9600 and have a configuration line in SuSEfirewall2 to redirect port 80 to 9640. This is because Tomcat doesn't run as root and can't open up port 80.
My web application needs to be able to make requests to port 80 since that is the port it will be using when deployed. What rule can I add so that local requests get redirected by iptables?
I tried looking at this question: How do I redirect one port to another on a local computer using iptables? but suggestions there didn't seem to help me.
I tried running tcpdump on eth0 and then connecting to my local IP address (not 127.0.0.1, but the actual address) but I didn't see any activity. I did see activity if I connected from an external machine. Then I ran tcmpdump on lo, again tried to connect and this time I saw activity. So this leads me to believe that any requests made to my own IP address locally aren't getting handled by iptables.
Just for reference he's what my NAT table looks like now:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 9640
REDIRECT tcp -- anywhere anywhere tcp dpt:xfer redir ports 9640
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8443
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
© Server Fault or respective owner