Port forwarding with iptables and Debian
Subtitle:
Avoid Remembering that VMWare Server Listens on Port 8333
Alternate subtitle:
Make Tomcat Listen on Port 80
It's increasingly common for applications to have web front ends. These all tend to run on their own port, which is nice in that it stops services from running into each other (and means they can run as non-root, since only root can bind ports below 1024), but is somewhat painful in that there is always a whole heap of different ports to remember. Exposing a service on port 80 makes it much easier to use (especially in IE, which is dumb and doesn't know to default requests on non-standard ports to port 80, generating much RSI and many hours logged in the IE Waste Recorder). Redirecting port 80 to the service's own port with iptables gives you the friendly URL without the service ever needing root. Making services appear on port 80 on Debian is pretty straightforward. Follow the process below (which I pinched from someone somewhere in the blogosphere a while ago, put on a server as part of some work with SSH tunnelling, and only remembered recently when we were getting some VMware servers set up). So here is the script. In /etc/network/if-up.d add a script with the following:
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# Flush any existing firewall rules we might have. Note this wipes every rule
# in the filter, nat and mangle tables and deletes user-defined chains, so
# don't use it unmodified on a host that already carries a firewall.
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
# Perform the rewriting magic: PREROUTING catches packets arriving from the
# network, OUTPUT -o lo catches connections the host makes to itself.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8222
iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-ports 8222
This forwards requests from port 80 to port 8222, and works for both local and remote requests. I keep this in a script called /etc/network/if-up.d/firewall, because iptables is firewallish, and I believe this is the standard place for it to live. Remember to chmod +x the script. 8222 is VMware Server's HTTP port, which in turn redirects to 8333 over HTTPS. By putting the script in /etc/network/if-up.d it is run automatically whenever the networking layer of your Debian installation is brought up (once for each interface that comes up, lo included, so anything in it should be safe to run more than once). You can confirm it took effect with iptables -t nat -S PREROUTING and by fetching http://yourhost/ and seeing the VMware front end.
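Here is a variant of that script, added as an example and not taken from this post or the NewInstance one, that installs the same two REDIRECT rules but neither flushes the host's other firewall rules nor stacks duplicates when ifupdown runs it once per interface. It assumes the service port 8222 (overridable through SERVICE_PORT), an iptables with the -C rule-check option (1.4.11 or later, so Debian wheezy onwards), and that ifupdown exports MODE=start when it runs if-up.d scripts, as documented in interfaces(5); the apply and show subcommands are my own addition.

```shell
#!/bin/sh
# /etc/network/if-up.d/firewall -- added example, not the script from the post.
# Redirects TCP port 80 to the unprivileged port the web front end listens on,
# so the service keeps running as non-root, without flushing the host's other
# iptables rules and without piling up duplicates each time ifupdown runs this
# script (it runs once per interface that comes up, lo included).
#
# Assumptions not taken from the post: the front end listens on 8222, iptables
# supports "-C" (1.4.11+, i.e. Debian wheezy or later), and ifupdown exports
# MODE=start when it runs if-up.d scripts (see interfaces(5)).
PATH=/sbin:/bin:/usr/sbin:/usr/bin

LISTEN_PORT=${LISTEN_PORT:-80}
SERVICE_PORT=${SERVICE_PORT:-8222}
IPT=${IPT:-iptables}   # overridable so the logic can be dry-run with a stand-in

# Emit the nat-table rules, one per line as "<chain> <rulespec>", for the given
# ports. PREROUTING catches packets arriving from the network; OUTPUT -o lo
# catches connections this host makes to itself, which never pass PREROUTING.
redirect_rules() {
    from=$1
    to=$2
    printf '%s\n' \
        "PREROUTING -p tcp --dport $from -j REDIRECT --to-ports $to" \
        "OUTPUT -o lo -p tcp --dport $from -j REDIRECT --to-ports $to"
}

# Append each rule only when it is absent: "iptables -C" exits 0 if an identical
# rule already exists. Nothing else in the nat table is touched, and running
# this repeatedly leaves exactly one copy of each rule. Reports one line per
# rule, prefixed "present:" or "added:".
apply_rules() {
    redirect_rules "$LISTEN_PORT" "$SERVICE_PORT" | while read -r rule; do
        # $rule is deliberately unquoted so the shell splits it into arguments
        if $IPT -t nat -C $rule 2>/dev/null; then
            echo "present: $rule"
        else
            $IPT -t nat -A $rule && echo "added: $rule"
        fi
    done
}

# List the nat chains the redirect lives in, in iptables-save syntax, so the
# result can be checked after an interface comes up or after a manual apply.
show_rules() {
    $IPT -t nat -S PREROUTING
    $IPT -t nat -S OUTPUT
}

# Run under ifupdown (MODE=start) or when invoked by hand as "firewall apply";
# "firewall show" just lists the current chains.
if [ "${MODE:-}" = start ] || [ "${1:-}" = apply ]; then
    apply_rules
elif [ "${1:-}" = show ]; then
    show_rules
fi
```

After an interface comes up, or after running /etc/network/if-up.d/firewall apply by hand, /etc/network/if-up.d/firewall show should list exactly one REDIRECT rule in each of PREROUTING and OUTPUT; running apply again reports both as "present:" and adds nothing.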
As per the NewInstance post, this will work for Tomcat as well (Luigi put the iptables rules in a different spot, but that was in 2005, and /etc/network/if-up.d is the right place for this).
So with the above iptables rules, it is easy to make any service listening on an unprivileged port available on port 80. One caveat: REDIRECT rewrites the destination to the primary address of the interface the packet arrived on (locally generated packets are sent to 127.0.0.1), so the service must be listening on that address, not only on 127.0.0.1, for remote requests to reach it.