我已经用puppet安装了tomcat。它在标准 8080 端口上运行。 tomcat进程以tomcat用户身份启动。我想将所有流量从端口 80 重定向到 8080。我的 iptables 设置如下所示:
Nat:
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere multiport dports http /* 099 forward port 80 to 8080 */ redir ports 8080
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
标准 iptables:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere /* 000 accept all icmp */
ACCEPT all -- anywhere anywhere /* 001 accept all to lo interface */
REJECT all -- anywhere loopback/8 /* 002 reject local traffic not on loopback interface */ reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere /* 003 accept related established rules */ state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ssh /* 004 accept ssh */
ACCEPT tcp -- anywhere anywhere multiport dports http,https /* 100 allow http and https access */
DROP all -- anywhere anywhere /* 999 drop all */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
我看到 netstat 显示 tomcat 进程正在侦听端口 8080:
# netstat -tulpn | grep 80
tcp6 0 0 :::8080 :::* LISTEN 16273/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 16273/java
tcp6 0 0 :::8009 :::* LISTEN 16273/java
好像没有什么东西在监听 80 端口。telnet到端口 80 和 8080 拥抱的那台机器。
如何将所有流量从 80 转发到 8080?
尝试这个:
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
并检查流量:
sudo tcpdump -i any -n port 80
如果看不到数据包,则应检查外部防火墙。
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
