> Only for port redirection you don't need to buy any hardware.
> If you are running tomcat inside a linux box, you can configure iptables
> to do the port redirection. Everything via software, no hardware.
>
> Vitor

You are absolutely correct. In fact, I've abandoned JSVC precisely because I can do this. This is great because not only do you need the extra JSVC, but you don't need to start as root at all.

For example, here are the iptables rules I use under RH 9 to effect what Vitor is saying:

(If you're using the /etc/rc.d/init.d/iptables script, this is the control file for it -- of course, you could do this "manually" by simply putting the command 'iptables' in front of these lines and assuming that your INPUT chain jumps to the YOZONS-BPN-INPUT)

-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT

The above lines are assuming you block all access to your system except for what you let in. This allows the INPUT packets to come in on the standard ports of 80 and 443 (only 443 if you need HTTPS) as well as the "tomcat" ports of 8080 and 8443.

Then, using the NAT commands (on iptables table "-t nat") to do port redirecting:

-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

This maps the production ports to the tomcat listening ports.

In your tomcat server.xml file, continue to use the 8080/8443 Connector ports, and if you need 8080 to redirect to SSL, I'd suggest you redirect to 443 (the standard port).
You could have it redirect to 8443, but then the 8443 will appear in all your URLs and if your visitors have an egress firewall, they likely won't be able to reach your system, so it looks like:

<Connector port="8080"
           maxThreads="20" minSpareThreads="10" maxSpareThreads="10"
           enableLookups="false" redirectPort="443" acceptCount="100"
           debug="0" connectionTimeout="20000"
           disableUploadTimeout="true" maxPostSize="100000000" />

Good luck,
David
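
Added example, not part of David's message or of Tomcat itself: a Python check that the NAT rules, the filter rules and the server.xml Connectors described above agree with each other. The input is constructed from the message; the 8443 Connector with secure="true" is an assumption, since the message shows only the 8080 Connector.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input modelled on the message; the 8443 Connector is an assumption.
RULES = """\
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
"""
SERVER_XML = """\
<Service name="Catalina">
  <Connector port="8080" redirectPort="443" />
  <Connector port="8443" scheme="https" secure="true" />
</Service>
"""

def parse_rules(text):
    """Return ({public_port: local_port}, {accepted dports}) from rule lines."""
    redirects, accepted = {}, set()
    for line in text.splitlines():
        m = re.search(r"--dport (\d+) .*-j (ACCEPT|REDIRECT --to-ports (\d+))", line)
        if not m:
            continue
        if m.group(3):
            redirects[int(m.group(1))] = int(m.group(3))
        else:
            accepted.add(int(m.group(1)))
    return redirects, accepted

def check(rules_text, server_xml):
    """List mismatches between the NAT/filter rules and Tomcat's Connectors."""
    redirects, accepted = parse_rules(rules_text)
    connectors = {int(c.get("port")): c for c in ET.fromstring(server_xml).iter("Connector")}
    problems = []
    for public, local in sorted(redirects.items()):
        if local not in connectors:
            problems.append(f"{public} redirects to {local}, but no Connector listens there")
        # nat PREROUTING runs before filter INPUT, so INPUT sees the rewritten port.
        if local not in accepted:
            problems.append(f"filter rules do not accept {local} (target of {public})")
    for port, conn in sorted(connectors.items()):
        rp = int(conn.get("redirectPort", 0))
        final = connectors.get(redirects.get(rp, rp))  # follow the NAT mapping
        if rp and (final is None or final.get("secure") != "true"):
            problems.append(f"Connector {port} redirectPort={rp} does not reach a secure Connector")
    return problems
```

The ACCEPT rules for 8080 and 8443 also leave those ports reachable directly from outside, not only through the redirect.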