All,

I'm aware of various techniques to allow Tomcat to serve from port 80
without using root, but I've never actually tried using them before.

I'm trying to use iptables on a bare-metal Linux server running kernel
3.2 and I'm having no luck.

I've already got iptables doing other things for me, but adding this
should not be interfering.

Here's what I've done (following [1]):


$ sudo /sbin/iptables -I FORWARD -p tcp \
  --destination-port 443 -j ACCEPT
$ sudo /sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp \
  --destination-port 443 --to-ports 8443

So here are my tables, now:

$ sudo iptables-save | grep "\(FORWARD\|PREROUTING\)"
:PREROUTING ACCEPT [10:1392]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
:FORWARD ACCEPT [0:0]
-A FORWARD -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -j LOG

$ telnet localhost 8443
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^C
Connection closed by foreign host.

(connects)

cschultz@europa:~$ telnet localhost 443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

(fails)

Oddly enough, both ports 8443 and 443 are accessible from the outside:

elsewhere$ telnet myhost 8443
Trying 204.9.143.102...
Connected to europa.chadis.com.
Escape character is '^]'.
^CConnection closed by foreign host.

elsewhere$ telnet myhost 443
Trying 204.9.143.102...
Connected to europa.chadis.com.
Escape character is '^]'.
^CConnection closed by foreign host.

Do I need to do something different in order to allow "localhost"
connections to be PREROUTED?

Thanks,
-chris

[1]
https://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F

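The localhost question above turns on which nat chain a packet traverses: PREROUTING is consulted only for packets arriving from the network, while locally generated connections pass through the nat OUTPUT chain. The following added example (not part of the original post) checks `iptables-save` text for REDIRECT coverage on both paths; the function name `redirect_coverage`, both sample tables and the `-o lo` OUTPUT rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which packet paths a nat REDIRECT for a port covers.
# Reads `iptables-save` text on stdin; first argument is the destination port.
# PREROUTING sees packets arriving from the network; locally generated
# packets (e.g. telnet localhost 443) traverse the nat OUTPUT chain instead.
redirect_coverage() {
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && /-j REDIRECT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) {
                    if ($2 == "PREROUTING") remote = 1
                    if ($2 == "OUTPUT") local_ = 1
                }
        }
        END {
            printf "remote=%s local=%s\n", (remote ? "yes" : "no"), (local_ ? "yes" : "no")
        }'
}

# Constructed sample: the nat table with only the PREROUTING rule from the post.
SAMPLE_POSTED='*nat
:PREROUTING ACCEPT [10:1392]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT'

# Constructed sample: same table plus an OUTPUT rule covering loopback traffic.
SAMPLE_WITH_OUTPUT='*nat
:PREROUTING ACCEPT [10:1392]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -o lo -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT'

printf '%s\n' "$SAMPLE_POSTED" | redirect_coverage 443
printf '%s\n' "$SAMPLE_WITH_OUTPUT" | redirect_coverage 443
```

On a live host the same check can be fed from `sudo iptables-save`, which includes the `*nat` table marker the function keys on.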