Suse 12.3 Firewall - NAT

Hi. I’m trying to solve a situation. I have a server which is running a JBoss service on port 8080. The problem is that anyone can enter through this port to my server since it has a public IP address. I have two NICs, one with a public IP address and then a second one with an internal address.

I would like to configure access to my server IP address through a port, let’s say 8526, and it needs to be forwarded to 8080 (and 8080 should no longer be accessible, only 8526). How can I do that?

Are you really on SUSE 12.3? That is a really old build on the
SUSE/openSUSE side of things.

Check in /etc/sysconfig/SuSEfirewall2 for a line starting with FW_REDIRECT
and try using the options there to do your port redirection. I presume it
was available back in your version, but I do not know that for sure; if it
was, then it works really well for this type of thing.

Once done redirecting you can probably block the original (8080) port.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Yes really on 12.3. Unfortunately FW_REDIRECT does not work :frowning: Let’s imagine this scenario:

NIC 1, public IP: 46.85.25.52
NIC 2, local IP: 192.168.1.2

Want to block port 8080 but redirect it to 8526. That means if I put 46.85.25.52:8080 it won’t give me access but when I enter 46.85.25.52:8526 it’s gonna work.

First, in case I cannot figure this out with you, you may find the
Networking subforum more appropriate to find others interested in this
kind of thing.

Second, could you show the line that you used? Also, did you restart the
SuSEfirewall2 service (I assume you have it enabled) to apply the changes
in that file?


sudo /sbin/rcSuSEfirewall2 restart


Good luck.


Temporarily closed and moving to Network subforum.

Hi
Original thread moved and reopened.

@CruiserCZ in future, just report the post if you think it should be moved… :wink:

Doesn’t your YaST network module provide forwarding?

There are many ways to configure this to achieve what you’ve described, so you should probably be more detailed about exactly what your objectives are in security and functional terms. Also, some solutions lay the groundwork for future expansion like web farms.

So, a short list off the top of my head…

Apache mod_alias is able to rewrite and redirect URLs

You can configure a forwarding rule using iptables, which is what SUSEFW does. Using YaST, you should be able to open your Firewall module, assign firewall zones, and define a custom rule to support the forwarding you wish.

The above forwards but does not filter packet payloads, so it provides no real security improvement. What you’ve asked for so far is “security by obscurity”, which means you’re hoping that malicious attackers simply won’t discover your website, which nowadays is considered a very weak strategy, little more than if you use the default HTTP/HTTPS ports.

Better solutions today may or may not redirect ports but apply some level of filtering and minimizing attack surface by exposing as little functionality as possible. These typically involve

Proxy firewalls
Reverse proxy firewalls like Squid

HTH,
TSU
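As an added example (not code posted by anyone in this thread), the iptables rules that implement what the question asks for and what both the FW_REDIRECT reply and the later iptables reply describe: accept TCP/8526 on the public NIC, redirect it to the local port 8080, and drop connections that arrive on 8080 directly. It assumes eth0 is the public NIC and uses the ports from the question; the function and variable names are my own.

```shell
#!/bin/sh
# Added example: iptables equivalent of the 8526 -> 8080 redirect discussed above.
# Assumptions: public NIC is eth0, JBoss listens on 8080, public port is 8526.
# Applying needs root. On a SuSEfirewall2 host put these in FW_CUSTOMRULES
# (or use FW_REDIRECT) so a firewall restart does not wipe them.

PUBLIC_IF="${PUBLIC_IF:-eth0}"
PUBLIC_PORT="${PUBLIC_PORT:-8526}"
SERVICE_PORT="${SERVICE_PORT:-8080}"

# build_rules prints the iptables commands one per line, so the ruleset can be
# reviewed as a dry run or piped to sh to apply it.
build_rules() {
    ifc=$1; pub=$2; svc=$3
    # 1. nat/PREROUTING: rewrite destination port 8526 -> 8080 before routing.
    echo "iptables -t nat -A PREROUTING -i $ifc -p tcp --dport $pub -j REDIRECT --to-ports $svc"
    # 2. filter/INPUT: a redirected packet already carries dport 8080 here, so
    #    accept it only when conntrack marks the flow as DNAT'ed (it came in on
    #    8526); everything else aimed at 8080 on the public NIC is dropped.
    echo "iptables -A INPUT -i $ifc -p tcp --dport $svc -m conntrack --ctstate DNAT -j ACCEPT"
    echo "iptables -A INPUT -i $ifc -p tcp --dport $svc -j DROP"
}

# rule_count returns how many rules build_rules emits (sanity check).
rule_count() {
    build_rules "$@" | wc -l | tr -d ' '
}

# Dry run by default; "--apply" executes the rules with the values above.
if [ "${1:-}" = "--apply" ]; then
    build_rules "$PUBLIC_IF" "$PUBLIC_PORT" "$SERVICE_PORT" | sh -e
else
    build_rules "$PUBLIC_IF" "$PUBLIC_PORT" "$SERVICE_PORT"
fi
```

Direct access on the internal NIC (192.168.1.2:8080) is untouched by these rules, since they only match traffic entering through the public interface.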