I have tomcat installed with puppet. It runs on standard 8080 port. The tomcat process is started as tomcat user. I'd like to redirect all traffic from port 80 to 8080. My iptables settings look as follows:
Nat:
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere multiport dports http /* 099 forward port 80 to 8080 */ redir ports 8080
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Standard iptables:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere /* 000 accept all icmp */
ACCEPT all -- anywhere anywhere /* 001 accept all to lo interface */
REJECT all -- anywhere loopback/8 /* 002 reject local traffic not on loopback interface */ reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere /* 003 accept related established rules */ state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ssh /* 004 accept ssh */
ACCEPT tcp -- anywhere anywhere multiport dports http,https /* 100 allow http and https access */
DROP all -- anywhere anywhere /* 999 drop all */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I see that netstat shows that tomcat process is listening on port 8080:
# netstat -tulpn | grep 80
tcp6 0 0 :::8080 :::* LISTEN 16273/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 16273/java
tcp6 0 0 :::8009 :::* LISTEN 16273/java
Seems like nothing is listening on port 80 though. telnet to that machine on port 80 and 8080 hangs.
What can I do to forward all traffic from 80 to 8080?
Try this:
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
And check the traffic:
sudo tcpdump -i any -n port 80
If you can't see the packets, you should check the external firewall.
I've been using this for years:
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
But, important: this only works for traffic that comes from other hosts in the network. I.e., you cannot test like this:
curl localhost:8080
nor
curl <<same-host-ip>>:8081 (the host that has the iptables configured)
To check this configuration you need to be on another host.
Seeing your configuration it seems that you don't need another iptables rule.
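The following script is an added example written for this page; it is not code from the question or from either answer. It ties the two answers together: the PREROUTING REDIRECT from the first answer, the extra INPUT ACCEPT the first answer adds (needed here because the asker's INPUT chain ends in a "999 drop all" rule, and after REDIRECT the packet arrives in INPUT with destination port 8080, which the "100 allow http and https" rule does not match; a silent hang on telnet, rather than "connection refused", is what a DROP looks like), and a nat OUTPUT rule that covers the local-testing gap the second answer describes, since locally generated packets never traverse PREROUTING. The script only prints the rules unless run as root with the `apply` argument. Assumptions: the filter INPUT chain is as shown in the question, and Tomcat's `:::8080` listener is a dual-stack socket that also accepts IPv4 (the Linux default).

```shell
#!/bin/sh
# Added example (not from the original question or answers).
# Usage:
#   sh redirect.sh show   [from] [to]   # print the rules, run nothing
#   sh redirect.sh apply  [from] [to]   # apply them (root), then show state
#   sh redirect.sh status               # show current nat/filter state
set -u

valid_port() {
    # Reject anything that is not an integer in 1..65535, so a typo
    # cannot turn into a rule that redirects or accepts the wrong port.
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the iptables commands without executing them, so they can be
# reviewed (or diffed against what puppet manages) before they go live.
redirect_rules() {
    from="$1"; to="$2"
    valid_port "$from" && valid_port "$to" || return 1
    cat <<EOF
iptables -t nat -A PREROUTING -p tcp --dport $from -j REDIRECT --to-ports $to
iptables -t nat -A OUTPUT -o lo -p tcp --dport $from -j REDIRECT --to-ports $to
iptables -I INPUT -p tcp --dport $to -j ACCEPT
EOF
}
# Rule 1: traffic from other hosts, rewritten before routing (the first answer).
# Rule 2: traffic the host sends to itself (localhost or its own address) is
#         routed over lo and only passes nat OUTPUT, which is why the second
#         answer's curl tests fail without it.
# Rule 3: after REDIRECT the filter INPUT chain sees dport $to, not $from, so
#         the existing "allow http and https" rule no longer matches and the
#         packet would reach the final DROP. Inserting at the top keeps it
#         ahead of that DROP regardless of how many rules puppet adds later.

apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; return 1; }
    redirect_rules "$1" "$2" | sh -e
}

# Counters (-v) show whether packets are actually hitting each rule, which
# is the quickest way to tell an iptables problem from an upstream firewall.
show_state() {
    iptables -t nat -L PREROUTING -n -v --line-numbers
    iptables -t nat -L OUTPUT -n -v --line-numbers
    iptables -L INPUT -n -v --line-numbers
    ss -ltnp 2>/dev/null || netstat -tulpn
}

case "${1:-}" in
    show)   redirect_rules "${2:-80}" "${3:-8080}" ;;
    apply)  apply_rules "${2:-80}" "${3:-8080}" && show_state ;;
    status) show_state ;;
    *)      ;;
esac
```

One caveat worth checking before relying on a hand-applied rule: the numbered comments on the existing rules ("099 ...", "100 ...") are the style puppetlabs-firewall writes, and if that module is managing the chains with purging enabled, any rule not declared as a `firewall` resource is removed on the next puppet run. In that case the durable fix is to declare the same three rules in puppet rather than on the command line.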