Port mapping using Susefirewall2: Mapping port 80 to 8080

Hi all,

I’m running a tomcat server on port 8080 on my box. I want it to be accessible on port 80 without running it as root.

I’m using OpenSuse 11.1.

Is it possible to use the Susefirewall2 to set up that port mapping? I tried defining “Custom Rules” and “Masquerading” but without any success. It is still only accessible on port 8080.

Any help is greatly appreciated.


Yes, you can do it, though you must modify the file manually I believe.
Look for documents that talk about FW_REDIRECT and modify the line with
that variable on it within /etc/sysconfig/SuSEfirewall2 as follows
(assuming your machine’s IP is 192.168.2.2):

FW_REDIRECT="0/0,192.168.2.2/32,tcp,8080,80"

Good luck.

schwarzt wrote:
> Hi all,
>
> I’m running a tomcat server on port 8080 on my box. I want it to be
> accessible on port 80 without running it as root.
>
> I’m using OpenSuse 11.1.
>
> Is it possible to use the Susefirewall2 to set up that port mapping? I
> tried defining “Custom Rules” and “Masquerading” but without any
> success. It is still only accessible on port 8080.
>
> Any help is greatly appreciated.
>
>

It should work in Custom Rules. I have a ktorrent interface that is listening on port 8001 and I’m connecting from outside directly on port 80… so the same situation works great here. Maybe you did something wrong…

Maybe, but why so complicated?

The (example) solution posted by ab@novell.com is the simple and “known to work” way to do it.

Hi
I want to run Jboss on an opensuse-box and use the “standard” jboss redirect port 80 to 8080 solution:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

But I also want to use Yast firewall to protect the system (only port 22 and 80 shall be open). I think that running the firewall together with the redirect-script conflicts somehow?

The Jboss only answers when I stop the firewall, reboot linux and start Jboss with the redirect-script included.

Does anyone have the same experience and maybe a solution?

Jan

The redirect is in fact done using the iptables rules, so the “conflict” is that your manually inserted rule is being cleared by the standard SuSEfirewall2 setup. You should be able to get it to work by working within SuSEfirewall2 in the way that ab showed.

Thanks for the quick answer :)

So can I conclude this workflow:

  1. Remove the jboss redirect-script.
  2. Use Yast -> Firewall and turn it on and open port 22 and 80 as wanted.
  3. Edit /etc/sysconfig/SuSEfirewall2 with ab’s solution.

Then reboot linux and test solutions.

Jan

No, a reboot isn’t required, just do rcSuSEfirewall2 restart

Many people reboot Linux for no good reason.

It works! Thank you very much!

But be careful about local- and destination-port! The syntax in the comments in the SuSEfirewall2 script is correct. My statement is:

FW_REDIRECT="0/0,192.168.1.11/32,tcp,80,8080"

and it works :)

Jan
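
A small linter for the port-order mix-up discussed in this thread, as an added example that is not part of any post or of SuSEfirewall2 itself. It assumes the five-field order source,destination,protocol,original port,local port, as in the line reported working above; `lint_fw_redirect` and `parse_port` are hypothetical helper names.

```python
# Added example. Field order src,dst,proto,dport,lport is an assumption taken
# from the FW_REDIRECT line reported working in this thread; only that
# five-field form is handled.

FIRST_SUGGESTION = "0/0,192.168.2.2/32,tcp,8080,80"   # first line posted in the thread
REPORTED_WORKING = "0/0,192.168.1.11/32,tcp,80,8080"  # line reported working

def parse_port(text):
    port = int(text)  # raises ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {text}")
    return port

def lint_fw_redirect(value):
    """Return a list of (entry, message) findings for a FW_REDIRECT value."""
    findings = []
    for entry in value.strip('"').split():
        fields = entry.split(",")
        if len(fields) != 5:
            findings.append((entry, "expected 5 comma-separated fields"))
            continue
        src, dst, proto, dport_s, lport_s = fields
        if proto not in ("tcp", "udp"):
            findings.append((entry, f"unknown protocol {proto!r}"))
        try:
            dport, lport = parse_port(dport_s), parse_port(lport_s)
        except ValueError as exc:
            findings.append((entry, f"bad port: {exc}"))
            continue
        # A service that avoids root listens on an unprivileged port (>= 1024),
        # so a high original port redirected to a low local port suggests
        # the last two fields were swapped.
        if lport < 1024 <= dport:
            findings.append((entry, f"ports look swapped: {dport} -> {lport}"))
        # Worth a second look: the redirected port is reachable from anywhere.
        if src == "0/0":
            findings.append((entry, f"open to any source on port {dport}"))
    return findings

if __name__ == "__main__":
    for line in (FIRST_SUGGESTION, REPORTED_WORKING):
        for entry, message in lint_fw_redirect(line):
            print(f"{entry}: {message}")
```
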