Hi all, I'm a newbie in firewall building and iptables; I've started to read the documentation recently, but have not yet found an answer to a problem with port redirecting. Help me please.
My computer is running Tomcat on 8080, no web server there. Tomcat is running as a separate user (tomcat). I would like to have all requests to port 80 (nothing there) redirected to 8080 (Tomcat waiting) _within_ the same machine.

I think I have the possibility of starting Tomcat as the root user, gaining control over privileged port 80, and then dropping privileges and continuing to run as the unprivileged user (tomcat). (Am I right? I'm using 'start-stop-daemon' and from the man page I'm not sure I can do this -- it seems it drops privileges _before_ starting the process -- anyway, this solution is satisfying, but not ideal.) So far so good.

The problem is that users have already got accustomed to port 8080, so I want to keep Tomcat running on 8080, and for any new users I want port 80 to be redirected to 8080 transparently. I created this rule for port redirection, but it does not do what I expect. Any solutions or suggestions why? (Googling always ends with port forwarding / masquerading issues (targets SNAT and DNAT, not REDIRECT).)

    iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 \
        -p tcp --dport 80 -j REDIRECT --to-ports 8080

Maybe a clue? I'm browsing the kernel documentation now -- maybe option CONFIG_IP_NF_NAT_LOCAL is the answer (all my testing _must_ be done locally -- the computer is not connected to a network now)?

Thanks for any help.

martin.

