[lug] iptables redirection
George Sexton
gsexton at mhsoftware.com
Sat Jan 6 15:43:07 MST 2007
I'm having some problems with IPTABLES and thought maybe someone would
have some insight.
I'm running Apache Tomcat on a high port (say 8080). I have rules:
iptables -t nat -A PREROUTING -p tcp -i $WAN_IF --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp -i lo --dport 80 -j REDIRECT --to-port 8080
So, any request that comes in for port 80 gets redirected to Tomcat on
port 80. I run Tomcat as a non-privileged user, so it won't bind to port 80?
This is working really well. The fly in the ointment is that if I run
some code:
wget http://hostname.mhsoftware.com/SomeFile.html
it doesn't work. Apparently, the way the request gets routed through the
TCP/IP stack, my rule never gets hit. It appears to resolve that it's a
local address, and submit the request through the LO interface. Changing
the code to transparently use the actual real port number would be
really unpleasant and my last choice.
Does anyone know of a way around this?
Alternatively, does anyone understand capabilities enough that I could
just get Tomcat to run directly on port 80?
Please don't suggest Apache/mod_jk. I'm running over two hundred virtual
hosts per machine, and the overhead of configuration would just be
ridiculous.
--
George Sexton
MH Software, Inc.
Voice: +1 303 438 9585
URL: http://www.mhsoftware.com/