I'm running Tomcat web server on port 8080. Since it's Java, I don't want to run it as root on port 80. So the solution would be to make an iptables rule or two to redirect all port 80 traffic to the unprivileged port 8080 that Tomcat is listening on.
So I've Googled a bit and looked around, and the common wisdom is that you can use a simple prerouting rule on the nat table to cause all traffic to
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
On a Debian system and a Suse system I had access to, the command works correctly. But on the Kubuntu system, I just get connection refused. Is Kubuntu doing something under the covers that I am not aware of?
Here are the details.
Tomcat's listening on 8080:
$ netstat -napt|grep 8080
tcp6 0 0 :::8080 :::* LISTEN 1683/java
Prerouting rule is in effect...
$ iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
No other rules in effect...
$ iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
But accessing via the eth0 interface fails...
$ telnet 192.168.0.10 80
Trying 192.168.0.10...
telnet: Unable to connect to remote host: Connection refused
Just to be complete, if I telnet to port 8080, connection is successful, as expected.
$ telnet 192.168.0.10 8080
Trying 192.168.0.10...
Connected to 192.168.0.10.
Escape character is '^]'.
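Added example, not part of the original post: a check for which client paths a nat-table listing actually covers. The nat PREROUTING chain is traversed only by packets arriving on a network interface, while connections opened on the host itself pass through the nat OUTPUT chain instead. The function names are made up for this example, and the sample listing is the `iptables -nL -t nat` output shown in the post.

```shell
#!/bin/sh
# Added example: the function names are hypothetical, and the sample input
# is the nat-table listing from the post, embedded for offline use.

# Reads `iptables -nL -t nat` output on stdin; prints "<CHAIN> yes|no" for
# each chain, depending on whether it redirects tcp dport $1 to port $2.
redirect_coverage() {
    awk -v from="$1" -v to="$2" '
        /^Chain / {                       # "Chain NAME (policy ...)"
            if (chain != "") print chain, (hit ? "yes" : "no")
            chain = $2; hit = 0; next
        }
        $1 == "REDIRECT" && $2 == "tcp" {
            d = 0; r = 0
            for (i = 3; i <= NF; i++) {
                if ($i == ("dpt:" from)) d = 1           # matched port
                if ($i == "ports" && $(i + 1) == to) r = 1  # redirect target
            }
            if (d && r) hit = 1
        }
        END { if (chain != "") print chain, (hit ? "yes" : "no") }
    '
}

# Maps chain coverage to the kind of client each chain serves.
explain_paths() {
    redirect_coverage "$1" "$2" | while read -r chain covered; do
        case "$chain" in
            PREROUTING) echo "remote clients (packets arriving on an interface): $covered" ;;
            OUTPUT)     echo "local clients (connections opened on this host): $covered" ;;
        esac
    done
}

sample_nat_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
EOF
}

sample_nat_listing | explain_paths 80 8080
```

On a live system, run `iptables -nL -t nat | explain_paths 80 8080` as root.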