I'm curious, why don't you use Apache and JK connector?

Evgeny Gesin
--- David Wall <[EMAIL PROTECTED]> wrote:
> You are absolutely correct. In fact, I've abandoned JSVC precisely because
> I can do this. This is great because not only do you need the extra JSVC,
> but you don't need to start as root at all.
>
> For example, here are the iptables rules I use under RH 9 to effect what
> Vitor is saying:
>
> (If you're using the /etc/rc.d/init.d/iptables script, this is the control
> file for it -- of course, you could do this "manually" by simply putting the
> command 'iptables' in front of these lines and assuming that your INPUT
> chain jumps to the YOZONS-BPN-INPUT )
>
> -A YOZONS-BPN-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
> -A YOZONS-BPN-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
> -A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
> -A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
>
> The above lines are assuming you block all access to your system except for
> what you let in. This allows the INPUT packets to come in on the standard
> ports of 80 and 443 (only 443 if you need HTTPS) as well as the "tomcat"
> ports of 8080 and 8443.
>
> Then, using the NAT commands (on iptables table "-t nat") to do port
> redirecting:
>
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
>
> This maps the production ports to the tomcat listening ports.
>
> In your tomcat server.xml file, continue to use the 8080/8443 Connector
> ports, and if you need 8080 to redirect to SSL, I'd suggest you redirect to
> 443 (the standard port). You could have it redirect to 8443, but then the
> 8443 will appear in all your URLs and if your visitors have an egress
> firewall, they likely won't be able to reach your system, so it looks like:
>
> <Connector port="8080"
>            maxThreads="20" minSpareThreads="10" maxSpareThreads="10"
>            enableLookups="false"
>            redirectPort="443" acceptCount="100"
>            debug="0" connectionTimeout="20000"
>            disableUploadTimeout="true"
>            maxPostSize="100000000" />
>
> Good luck,
> David
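A point worth checking in rulesets like the one quoted above: REDIRECT happens in the nat PREROUTING chain, so by the time a packet reaches the filter INPUT chain its destination port is already 8080 or 8443. That is why the quoted rules must ACCEPT the Tomcat ports as well as 80 and 443; leaving one of them out makes the redirect fail silently, and the flip side is that the accepted Tomcat ports are also reachable directly from outside, which is why the redirectPort choice in server.xml matters. The script below is an added example, not code from the list or from David Wall's setup: it parses a constructed iptables-save style ruleset mirroring the quoted rules (the YOZONS-BPN-INPUT chain name is taken from the mail), follows the INPUT jump, and reports redirect targets that the filter chain would drop and those that are directly reachable.

```python
from collections import defaultdict

# Constructed ruleset in iptables-save form, mirroring the rules quoted in the mail.
RULESET_OK = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A INPUT -j YOZONS-BPN-INPUT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8080 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
COMMIT
"""

# Constructed variant with the 8443 ACCEPT left out: the HTTPS redirect then breaks.
RULESET_BROKEN = RULESET_OK.replace(
    "-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT\n",
    "",
)


def parse_rules(text):
    """Return {table: [rule dict]} with the chain, --dport, -j and --to-ports of each -A line."""
    tables = defaultdict(list)
    table = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A") and table:
            tok = line.split()
            rule = {"chain": tok[1]}
            for i, t in enumerate(tok):
                if t in ("--dport", "-j", "--to-ports") and i + 1 < len(tok):
                    rule[t] = tok[i + 1]
            tables[table].append(rule)
    return tables


def _port(value):
    """First port of a value like '8443', '8443-8444' or '8443:8444'."""
    return int(value.split("-")[0].split(":")[0])


def redirect_map(tables):
    """Map original destination port -> REDIRECT target port from nat PREROUTING."""
    out = {}
    for r in tables["nat"]:
        if r["chain"] == "PREROUTING" and r.get("-j") == "REDIRECT" and "--dport" in r:
            out[_port(r["--dport"])] = _port(r["--to-ports"])
    return out


def accepted_ports(tables, chain="INPUT", _seen=None):
    """Collect dports ACCEPTed on the filter INPUT path, following jumps to user chains."""
    if _seen is None:
        _seen = set()
    if chain in _seen:  # guard against chain loops
        return set()
    _seen.add(chain)
    builtin_targets = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG"}
    ports = set()
    for r in tables["filter"]:
        if r["chain"] != chain:
            continue
        target = r.get("-j")
        if target == "ACCEPT" and "--dport" in r:
            ports.add(_port(r["--dport"]))
        elif target and target not in builtin_targets:
            ports |= accepted_ports(tables, target, _seen)
    return ports


def audit(text):
    """Report redirect targets the filter would drop, and those directly reachable."""
    tables = parse_rules(text)
    redirects = redirect_map(tables)
    allowed = accepted_ports(tables)
    targets = set(redirects.values())
    return {
        "redirects": redirects,
        "missing": sorted(p for p in targets if p not in allowed),  # redirect silently fails
        "exposed": sorted(p for p in targets if p in allowed),      # also reachable directly
    }


if __name__ == "__main__":
    for name, rules in (("quoted rules", RULESET_OK), ("8443 ACCEPT removed", RULESET_BROKEN)):
        print(name, audit(rules))
```

Run it on the output of `iptables-save` instead of the constructed text to check a live host; any port listed under `missing` is a redirect that the filter chain will drop, and every port under `exposed` answers direct connections as well as redirected ones.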
