Results 1 to 9 of 9

Thread: Port mapping using Susefirewall2: Mapping port 80 to 8080

  1. #1
    schwarzt NNTP User

    Default Port mapping using Susefirewall2: Mapping port 80 to 8080

    Hi all,

    I'm running a tomcat server on port 8080 on my box. I want it to be accessable on port 80 without running it as root.

    I'm using OpenSuse 11.1.

    Is it possible to use the Susefirewall2 to set up that port mapping. I tried defining "Custom Rules" and "Masquerading" but without any success. It is still only accessable on port 8080.

    Any help is greatly appreciated.

  2. #2

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 8080

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Yes, you can do it, though you must modify the file manually I believe.
    Look for documents that talk about FW_REDIRECT and modify the line with
    that variable on it within /etc/sysconfig/SuSEfirewall2 as follows
    (assuming your machine's IP is 192.168.2.2

    FW_REDIRECT="0/0,192.168.2.2/32,tcp,8080,80"

    Good luck.





    schwarzt wrote:
    > Hi all,
    >
    > I'm running a tomcat server on port 8080 on my box. I want it to be
    > accessable on port 80 without running it as root.
    >
    > I'm using OpenSuse 11.1.
    >
    > Is it possible to use the Susefirewall2 to set up that port mapping. I
    > tried defining "Custom Rules" and "Masquerading" but without any
    > success. It is still only accessable on port 8080.
    >
    > Any help is greatly appreciated.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.9 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJK0rLGAAoJEF+XTK08PnB5i8gQAIuoikoiRQGWgLdVb8a+T4eJ
    ljErhjb3Je870gbkP7OvrxBj3aOq4HYWvsjPDtLOFF+WelndxkwgvOJxVBWzY2E9
    hHwvvUgOk11TaFAcNfgBAm4Uo24yGvVLgIUmz56QU8PVe3w3pldS1bcszzrvjWCt
    e+InIHCDY7vba9+k6Vz3oXSrtPiJV3Pl0soTHcjigxpc7pzCuCkmIOuSMeYH7eUw
    5gQGA9tmBK1rClXTazSJwgEnJFWzePd0xO36axcBV/SK4SBDRF7vrqq0QLfClE3a
    o3lhQF2hCHpepY2Ojb9IVdQgEJthSo26YC99AgBy7z/sGAYlHTqf4cmQj06U5HA2
    CXre/VQpQCgxqpBU9Kn2+R0v2+oidPkDYV8inKNqJs+ocMEHqxzWFBnt5Eq4E2ik
    z/xSQygZNJ7skQREfZuqp8KtbcBk0JbWWzUpWV8k5T14mZ1f0By88lFZzOPtNKsY
    YuujSKEqOXZGJmG+rXYr8ME3t1jyvA7WKIU3d7b/CJHs6Sb7KDV2y8YC5QFLhuXH
    9c+B568aTYOABH1QoKvfaXofChAMoDjsxqpIpx/lOLZZs+qUUY/jL9poiTbGfbaM
    H69CyYNZvheO39l22DulI9QeLW1RSLvG4akTKOcKxDdjp7JwcOAofVijBXkkJpa1
    nwsqDGghVOtS+wUI4LGv
    =AyIR
    -----END PGP SIGNATURE-----

  3. #3
    Join Date
    Jul 2008
    Location
    in front of the keyboard
    Posts
    90

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 808

    It should work in Custom Rules. I have a ktorrent interface that is listening in 8001 port and i`m connecting from outside directly on port 80... so same situation works here great. Maybe you did something wrong...

  4. #4

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 808

    Quote Originally Posted by darkmac View Post
    It should work in Custom Rules.
    Maybe, but why so complicated?

    The (example) solution posted by ab@novell.com is the simple and "known to work" way to do it.

  5. #5
    Join Date
    Jun 2008
    Location
    Denmark
    Posts
    68

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 808

    Hi
    I want to run Jboss on a opensuse-box and use the "standard" jboss redirect port 80 to 8080 solution:

    iptables -t nat -A PREROUTING -p tcp dport 80 -j REDIRECT to-port 8080

    But I also want to use Yast firewall to protect the system (only port 22 and 80 shall be open). I think that running the firewall together with the redirect-script conflict somehow?

    The Jboss only answers when I stop the firewall, reboot linux and start Jboss with the redirect-script included.

    Does anyone have the same experience and maybe a solution?

    Jan

  6. #6
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 808

    The redirect is in fact done using the iptables rules, so the "conflict" is that your manually inserted rule is being cleared by the standard SuSEfirewall2 setup. You should be able to get it to work by working within SuSEfirewall2 in the way that ab showed.

  7. #7
    Join Date
    Jun 2008
    Location
    Denmark
    Posts
    68

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 808

    Thanks for quick answer :-)

    So can I conclude this workflow:

    1. Remove the jboss redirect-script.
    2. Use Yast -> Firewall and turn it on and open port 22 and 80 as wanted.
    3. Edit /etc/sysconfig/SuSEfirewall2 with ab's solution.

    Then reboot linux and test solutions.

    Jan

  8. #8
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,683
    Blog Entries
    4

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 808

    No, a reboot isn't required, just do rcSuSEfirewall2 restart

    Many people reboot Linux for no good reason.

  9. #9
    Join Date
    Jun 2008
    Location
    Denmark
    Posts
    68

    Default Re: Port mapping using Susefirewall2: Mapping port 80 to 808

    It works ! Thank you very much!

    But be carefull about local- and destination-post! The syntax in commemts in SuSEfirewall2 script is correct. My statement is:

    FW_REDIRECT="0/0,192.168.1.11/32,tcp,80,8080"

    and it works :-)

    Jan

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •