Use "targets SNAT and DNAT, not REDIRECT". Also try something that matchs, use '-vL' too see what is going on.
# iptables -t nat -I PREROUTING <SKIP?: --src <REPLACE:192.168.0.0/24>> --dst <REPLACE:192.168.0.50> -p tcp --dport 80 -j DNAT --to-destination <REPLACE:192.168.0.50>:8080 --- Martin Slouf <[EMAIL PROTECTED]> wrote: > Hi all, > > im newbie in firewall building and iptables; ive started to read the > documentation recently, but no answer found yet for a problem on a port > redirecting. help me pls. > > My computer is running tomcat on 8080, no web server there. tomcat is > running as a separate user (tomcat). > > I would like to have all requests to port 80 (nothing there) being > redirected to 8080 (tomcat waiting) _within_ the same machine. > > I think i have the possibility of starting tomcat as the root user, > gain control over privilleged port 80 and then drop privilleges and > continue running as the unprivilleged user (tomcat). (am i right? im > using 'start-stop-daemon' and from the man page im not sure i can do > this -- it seems it drops privilleges _before_ starting the process -- > anyway, this solution is satisfying, but not ideal.) > > so far so good. > > The problem is that users have already got accustomed to the port 8080; > so i want to keep tomcat running on 8080 and for any new users i want > port 80 being redirected from port 80 to 8080 transparently. > > i created this rule for port redirection, but it does not do what i > expect. any solutions or suggestions why? (googling always ends with > port forwarding / masquarading issues (targets SNAT and DNAT, not > REDIRECT).) > > iptables -t nat -I PREROUTING --src 0/0 --dst 127.0.0.1 \ > -p tcp --dport 80 -j REDIRECT --to-ports 8080 > > maybe a clue? > > im browsing kernel documentation now -- maybe > option CONFIG_IP_NF_NAT_LOCAL is the answer (all my testing _must_ be > done locally -- computer is not connected to network now)? > > thx for any help. > > martin. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail