问题描述

我已将tomcat与木偶一起安装.它在标准8080端口上运行. tomcat进程以tomcat用户身份启动.我想将所有流量从端口80重定向到8080.我的iptables设置如下:

I have tomcat installed with puppet. It runs on standard 8080 port. The tomcat process is started as tomcat user. I'd like to redirect all traffic from port 80 to 8080. My iptables settings look as follows:

自然:

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere             multiport dports http /* 099 forward port 80 to 8080 */ redir ports 8080

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

标准iptables:

Standard iptables:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere             /* 000 accept all icmp */
ACCEPT     all  --  anywhere             anywhere             /* 001 accept all to lo interface */
REJECT     all  --  anywhere             loopback/8           /* 002 reject local traffic not on loopback interface */ reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             /* 003 accept related established rules */ state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports ssh /* 004 accept ssh */
ACCEPT     tcp  --  anywhere             anywhere             multiport dports http,https /* 100 allow http and https access */
DROP       all  --  anywhere             anywhere             /* 999 drop all */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

我看到netstat显示tomcat进程正在侦听端口8080:

I see that netstat shows that tomcat process is listening on port 8080:

# netstat -tulpn | grep 80
tcp6       0      0 :::8080                 :::*                    LISTEN      16273/java
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      16273/java
tcp6       0      0 :::8009                 :::*                    LISTEN      16273/java

您似乎在端口80上没有监听. telnet在端口80和8080上拥抱该计算机.

Seems like nothing is listening on port 80 thou. telnet to that machine on port 80 and 8080 hugs.

如何将所有流量从80转发到8080?

What can I do to to forward all trafic from 80 to 8080?

推荐答案

尝试一下:

sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT

并检查流量:

sudo tcpdump -i any -n port 80

如果看不到数据包，则应检查外部防火墙.

If you can't see the packet, you should check external firewall.

这篇关于将流量从80转发到8080的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！