From our sys admin, Ed Marshall, not sure if it works or not, :-)

Requirements: 2.4.x kernel (for distributions, Red Hat 7.1, SuSE 7.1, and I
*think* Mandrake 8.0 should satisfy this) and the "iptables" command.

The following is the magic command line:

iptables -t nat -A PREROUTING -p tcp -d <addr1> --dport <orig_port> \
        -j DNAT --to <addr2>:<new_port>

...where <addr1> is the original target address, <orig_port> is the original
target port, <addr2> is the address you want to redirect traffic to (this can
be the same as the first address, which is what we did with the web servers
at Exodus), and <new_port> is the port you want to redirect traffic to.

From a fair bit of experimenting, I can't see a clean way to implement this
with ipchains (the filtering mechanism present in 2.2.x kernels); you end up
getting tripped up if you want the traffic to remain local (it works fine if
you need to redirect to another system, using standard IPMASQ stuff).

The details of the command are a little involved; you're adding a rule to the
"nat" table (Network Address Translation) under the PREROUTING chain. This
chain handles rewriting of packets before the system does *anything* with
them; you get a chance to rewrite the headers before it's handed off to the
routing layer for destination determination. "DNAT" is the target extension,
which defines the NAT destinations (--to).

The best information I've found on the subject has been from various mailing
lists and the MASQ HOW-TOs at http://www.ldp.org/ .

> ----- Original Message -----
> From: "marc fleury" <[EMAIL PROTECTED]>
> To: "Jboss-Development@Lists. Sourceforge. Net"
> <[EMAIL PROTECTED]>
> Sent: Wednesday, June 13, 2001 3:50 PM
> Subject: [JBoss-dev] please help (Unix port permissions)
>
>
> > I need help, pardon my ignorance of UNIX
> >
> > JBOSS.ORG runs on a linux box somewhere in the US.  I am porting the whole
> > jboss site to run with JBOSS/TOMCAT as we are making the site a little more
> > "app" oriented and we need a real app server.
> >
> > So I want to create a user called joe and joe must have the rights to listen
> > on ports <1024, most notably joe must be able to launch JBOSS/TOMCAT on port
> > 80.
> >
> > what are the commands I must issue to get joe to get the right privileges?
> > feel free to answer in private...
> >
> > hoping the west coast brigade is still up...
> >
> > regards
> >
> > marcf
> >
> > _________________
> > Marc Fleury, Ph.D
> > [EMAIL PROTECTED]
> > _________________
> >
> >
> >
> > _______________________________________________
> > Jboss-development mailing list
> > [EMAIL PROTECTED]
> > http://lists.sourceforge.net/lists/listinfo/jboss-development
> >
>
>



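Added example, not part of the original message and not Ed Marshall's or the JBoss project's code: a small rule generator for the redirect described above. It validates the four placeholders before they reach a root-run iptables command and also prints a matching rule for the nat OUTPUT chain, which is an addition here, since locally generated connections do not pass through PREROUTING. The function names, the sample address and port 8080 are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) the DNAT rules for a port redirect.

# valid_port PORT: succeeds if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 ADDR: succeeds if ADDR is a dotted quad with octets in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dnat_rules ADDR1 ORIG_PORT ADDR2 NEW_PORT
# Prints one rule per chain; prints nothing on stdout and returns 1 on bad input.
dnat_rules() {
    valid_ipv4 "$1" && valid_port "$2" && valid_ipv4 "$3" && valid_port "$4" || {
        echo "usage: dnat_rules <addr1> <orig_port> <addr2> <new_port>" >&2
        return 1
    }
    # PREROUTING sees packets arriving from the network; connections opened
    # on the box itself go through the nat OUTPUT chain instead.
    for chain in PREROUTING OUTPUT; do
        echo "iptables -t nat -A $chain -p tcp -d $1 --dport $2" \
             "-j DNAT --to-destination $3:$4"
    done
}

# Constructed sample: 192.0.2.10 is a documentation address and 8080 an
# assumed unprivileged port for the app server.
dnat_rules 192.0.2.10 80 192.0.2.10 8080
```

With <new_port> above 1023, as in the sample, any local account can bind that port if the app server is not already listening on it, so check which process owns the listener after each restart.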