On Thursday 05 December 2002 15:23, Kristján Rúnarsson wrote:
> This leaves me with the option of running apache as a normal user and
> setting up some sort of a redirect service that runs as root which is a
> pretty inelegant solution compared to a tomcat that suid's itself down
> after accessing privileged resources.
Don't panic!
I have traveled your route already.
It's quite easy to redirect remote traffic to another port:
# iptables -t nat -A PREROUTING -p tcp -d <your_IP> --dport 80 \
-j REDIRECT --to-port 8080
You have to change $TOMCAT_HOME/conf/server.xml and add the option proxyPort to
each connector.
If this is not enough, I can give you my firewall script which blocks all
incoming traffic but allows remote traffic to the low and high HTTP-ports and
sets up the DNAT.
The difficult part is to set up *local* traffic to the server. This kind of
traffic never reaches the PREROUTING part of the chain. If you don't allow
browsers on your server, you are done. If you - as do I - use your server as
your desktop machine, you also need a *local* port forwarder.
If you want, I can give you my setup and the solutions I found.
> Cheers
>
> KR
Regards,
Cees.
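
An added example, not part of Cees's message or his own setup: one way to cover both the remote and the local case described above is to redirect in the nat OUTPUT chain as well as in PREROUTING. The function names, the sample address 192.0.2.10 and the loopback rule are assumptions made for this sketch; it only prints the rules in iptables-restore format so they can be reviewed before loading.

```shell
#!/bin/sh
# Added example: build the nat rules for "Tomcat as a normal user on a high
# port, reachable on the low HTTP port" without touching the live firewall.

# valid_port PORT: succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nat_rules SERVER_IP LOW_PORT HIGH_PORT: prints a *nat section on stdout
nat_rules() {
    ip=$1 low=$2 high=$3
    # Only digits and dots, so the address cannot smuggle extra rule text.
    case "$ip" in
        ''|*[!0-9.]*) echo "bad address" >&2; return 2 ;;
    esac
    valid_port "$low" && valid_port "$high" || { echo "bad port" >&2; return 2; }
    # The target must be a port an unprivileged Tomcat is able to bind.
    [ "$high" -ge 1024 ] || { echo "target port must be >= 1024" >&2; return 2; }
    # PREROUTING sees packets arriving from the network. Locally generated
    # packets skip it and traverse OUTPUT instead; traffic from the machine
    # to one of its own addresses is routed over lo, hence "-o lo".
    cat <<EOF
*nat
-A PREROUTING -p tcp -d $ip --dport $low -j REDIRECT --to-ports $high
-A OUTPUT -o lo -p tcp --dport $low -j REDIRECT --to-ports $high
COMMIT
EOF
}

# Review first, then load as root without flushing existing rules:
#   nat_rules 192.0.2.10 80 8080 | iptables-restore --noflush
```

Because 8080 is an unprivileged port, any local account can bind it while Tomcat is not running and would then receive the traffic redirected from port 80.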