Linux – iptables port forwarding

Tags: iptables, linux, port-forwarding, tcp

I have a CentOS server with Java/J2EE(Tomcat) installed on TCP port 8080.
I have two interfaces, eth0 and lo.

I need to forward all incoming connection on TCP port 80 to 8080.

I tried doing the following which works:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to x.x.x.x:8080
iptables -A INPUT -p tcp -m state --state NEW --dport 8080 -i eth0 -j ACCEPT

where x.x.x.x is the ip associated to the eth0 interface.

This appears to also open port 8080 to the outside world, which I don't want to do. I only want port 80 exposed to the outside world, forwarding all traffic to 8080.

Any help would be appreciated.

Update: The output of iptables -L looks like below

[root@server admin]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       tcp  --  anywhere             anywhere            state NEW tcp dpt:http 

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@server admin]# 

The output of iptables -t nat --list looks like below

[root@server admin]# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere            tcp dpt:http to:x.x.x.x:8080 

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
[root@server admin]# ^C

Best Answer

I posted a comment suggesting to set tomcat to listen on 80 or to use apache/nginx as a reverse proxy, which is what I think you should really be doing. But for posterity I will also answer your iptables question.

The problem is that what you're doing isn't DNAT, it's port redirection. Instead of -j DNAT you need -j REDIRECT.

E.g.:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
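Added example, not code from the question or the answer: a small POSIX shell script that emits the REDIRECT rule above together with an INPUT rule that accepts 8080 only for connections conntrack has already marked as DNAT (which REDIRECT does), so a direct connection to 8080 still falls through to the INPUT DROP policy shown in the question, plus an audit function that reads an iptables-save dump and flags INPUT rules that accept 8080 without that restriction. The interface, ports, file name and the embedded iptables-save excerpt are assumptions; the --ctstate DNAT match requires the xt_conntrack module.

```shell
#!/bin/sh
# Added example (not from the original question or answer).
# hardened_rules: REDIRECT 80 -> 8080 and accept 8080 only for redirected
#   (DNAT-marked) connections; direct 8080 is left to the INPUT DROP policy.
# audit_exposure: read iptables-save output on stdin and flag INPUT rules
#   that ACCEPT 8080 without a DNAT ctstate restriction.

IFACE="${IFACE:-eth0}"        # assumption: public interface
PUB_PORT="${PUB_PORT:-80}"
APP_PORT="${APP_PORT:-8080}"

# Print the iptables commands to run as root (INPUT policy assumed DROP).
hardened_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $IFACE -p tcp --dport $PUB_PORT -j REDIRECT --to-port $APP_PORT
iptables -A INPUT -i $IFACE -p tcp --dport $APP_PORT -m conntrack --ctstate DNAT -j ACCEPT
EOF
}

# Print each INPUT rule that ACCEPTs TCP $APP_PORT without "--ctstate ...DNAT".
# Returns 1 if any such rule was found, 0 otherwise.
audit_exposure() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            "-A INPUT "*"--dport $APP_PORT "*"-j ACCEPT"*)
                case "$line" in
                    *"--ctstate "*DNAT*) ;;       # only redirected flows: fine
                    *) echo "EXPOSED: $line"; found=1 ;;
                esac ;;
        esac
    done
    return $found
}

# Constructed iptables-save excerpt: the questioner's original INPUT rule
# (which exposes 8080 to anyone) next to the hardened one.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -m conntrack --ctstate DNAT -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# Usage: sh port80.sh rules | sh       or       iptables-save | sh port80.sh audit
case "${1:-}" in
    rules) hardened_rules ;;
    audit) audit_exposure ;;
esac
```

Run the audit against the live ruleset with `iptables-save | sh port80.sh audit`; any line printed as EXPOSED is an INPUT rule that lets the outside world reach 8080 without going through port 80.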