I have an Ubuntu 15.04 system with a Java webserver listening on port 3000. Iptables prerouting is set up like this:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
I've also removed apache2 packages from the system with:
apt-get remove apache2
However, now I don't get any process listening on port 80 in the system:
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 259/sshd
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 4841/java
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 455/master
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 256/systemd-resolve
As a consequence the pages are not accessible from the browser. Can someone please help?
Thanks!
UPDATE:
For now I've ended up configuring Apache with proxy and proxy_http modules, like so:
<VirtualHost *:80>
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
    <Proxy *>
        AddDefaultCharset off
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://127.0.0.1:3000/
</VirtualHost>
What is weird is that on a similarly configured machine running Ubuntu 14.04, running Apache in order to have some process listening on port 80 was not necessary. On these machines, netstat also would show no processes listening on port 80, yet HTTP requests were somehow forwarded to the Java server listening on port 3000. Hmmm.
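One way to check whether the PREROUTING rule above is actually matching traffic, as an added example that is not part of the original question or answer: REDIRECT rewrites the destination port inside the kernel and opens no socket, so netstat shows nothing on port 80 and the rule's packet counter is the thing to compare before and after a test request. The sample listings are constructed, and the function names redirect_pkts and diagnose are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Sample listings are constructed.
# On a live system, as root, feed it:  iptables -t nat -L PREROUTING -n -v -x

# redirect_pkts DPORT TOPORT   (rule listing on stdin)
# Prints the summed packet counter of the matching REDIRECT rules, or "missing".
redirect_pkts() {
    awk -v dport="$1" -v to="$2" '
        $3 == "REDIRECT" && index($0, "dpt:" dport " ") &&
        $0 ~ ("redir ports " to " *$") { sum += $1; found = 1 }
        END { if (found) print sum + 0; else print "missing" }'
}

# diagnose BEFORE AFTER   (counters taken around one test request)
diagnose() {
    if [ "$1" = missing ] || [ "$2" = missing ]; then
        echo rule-missing      # no such rule in nat/PREROUTING
    elif [ "$2" -gt "$1" ]; then
        echo hit               # the request traversed nat/PREROUTING
    else
        echo not-hit           # the request never matched the rule
    fi
}

HEADER='Chain PREROUTING (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
RULE='REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 3000'

SAMPLE_BEFORE="$HEADER
       0        0 $RULE"
# Constructed: the same listing after one new TCP connection matched the rule.
# The nat table sees only the first packet of a connection, so +1 per connection.
SAMPLE_AFTER="$HEADER
       1       60 $RULE"

before=$(printf '%s\n' "$SAMPLE_BEFORE" | redirect_pkts 80 3000)
after=$(printf '%s\n' "$SAMPLE_AFTER" | redirect_pkts 80 3000)
echo "rule counter $before -> $after: $(diagnose "$before" "$after")"
```

A result of not-hit after a test request means that request never passed through the rule, which narrows the problem to where the request came from or to the rule's match conditions such as -i eth0.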
Best Answer
Nothing is listening on port 80 anymore. That iptables command just forwards requests to port 80 on an external network to port 3000 locally.
But the service is still only listening on port 3000, and nothing else is (apparently) listening on port 80, which is what is being reported by your system.
My guess is that you are testing this locally (i.e., with a browser on the same machine as the service). If this is the case, and localhost:3000 reaches the service, then the iptables rule is not being reached because the request is not coming on an external network (or some other iptables-related reason -- I am assuming here that your rules are sound and working, but you should check this).
Possible solutions: