Redirect local, not internal, requests using SuSEfirewall2 or an iptables rule

Posted by James on Server Fault See other posts from Server Fault or by James
Published on 2012-03-16T21:34:02Z Indexed on 2012/03/19 10:08 UTC
Read the original article Hit count: 360

Filed under:
|

I have a server that is running a web application deployed on Tomcat and is sitting in a test network. We're running SuSE 11 sp1 and have some redirection rules for incoming requests. For example we don't bind port 80 in Tomcat's server.xml file, instead we listen on port 9600 and have a configuration line in SuSEfirewall2 to redirect port 80 to 9640. This is because Tomcat doesn't run as root and can't open up port 80.

My web application needs to be able to make requests to port 80 since that is the port it will be using when deployed. What rule can I add so that local requests get redirected by iptables?

I tried looking at this question: How do I redirect one port to another on a local computer using iptables? but suggestions there didn't seem to help me.

I tried running tcpdump on eth0 and then connecting to my local IP address (not 127.0.0.1, but the actual address) but I didn't see any activity. I did see activity if I connected from an external machine. Then I ran tcmpdump on lo, again tried to connect and this time I saw activity. So this leads me to believe that any requests made to my own IP address locally aren't getting handled by iptables.

Just for reference he's what my NAT table looks like now:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:http redir ports 9640
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:xfer redir ports 9640
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:https redir ports 8443

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

© Server Fault or respective owner

Related posts about iptables

Related posts about SLES