-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 James,
On 1/6/20 4:28 PM, James H. H. Lampert wrote: > I think I found something, with the help of "MLu" on ServerFault: > > He advised me to try "iptables -L" and "iptables-save" again, only > this time "sudo" them. Hah, sorry about that. Nobody thought of specifying that only root can view the iptables stuff. :) > When I did "iptables -L" under root privileges, I still only got > column headings, but when I did "iptables-save" under root > privileges, I hit what appears to be paydirt: >> # Generated by iptables-save v1.4.18 on Mon Jan 6 21:17:22 2020 >> *filter :INPUT ACCEPT [5018099:5766179544] :FORWARD ACCEPT [0:0] >> :OUTPUT ACCEPT [4555500:2863742410] COMMIT This means "no filtering". You have a firewall, so that's fine. >> # Completed on Mon Jan 6 21:17:22 2020 # Generated by >> iptables-save v1.4.18 on Mon Jan 6 21:17:22 2020 *nat >> :PREROUTING ACCEPT [41828:2351495] :INPUT ACCEPT [76356:4167904] >> :OUTPUT ACCEPT [254990:18418937] :POSTROUTING ACCEPT >> [254990:18418937] -A PREROUTING -p tcp -m tcp --dport 443 -j >> REDIRECT --to-ports 8443 COMMIT This means that the NAT table is being used to forward port 443 -> 8443 just like we were all assuming, but hadn't yet proven. >> # Completed on Mon Jan 6 21:17:22 2020 > > Other than the one obvious line near the bottom, >> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports >> 8443 > I'm not entirely sure what all of this means, nor do I remember > what I did to set it up. This definitely means that clients can connect to host:443 and will actually communicate with host:8443. Mystery solved! - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4UpIQACgkQHPApP6U8 pFgHWg/9GkBh1aVeCqqUmKd4l8BcBTrYGCEdVf5FxirWHwWTbmqAY5NYwDPqNOEU OzOrdbFr6O4tbrcrQGg78pD/ZqhyuwyTKN+NY41/IOFBegbB7ziHyGMNWt81mWbW n9yYQblEHDkwrdLxu1p6l9DFLsNkWmZxbIE+Ktp8Dyvocv0rfeEh6Ht2jQGOyWKm m4xhgIc9i9ewGglpRoOwJmfSYuHLs8ijw8CA7owfMz+A3brS4RzreNzLW1nxU7m0 1neLHu2e8AFHw0CPb8NAMt4kC1Rf67wyLbxE2umOPIK16V6yIY96fWmkFNqIlHCl tiY2oncn6A9jG4r86W2i1MHMEust8a2d/F/bvL5Yjiw26TMr+T5rL/EFU6debTfW jkFSCS2gFaUM/bBb78d6vQfmpHTj17lP87YK4YJtjQT5/SAXnnty8g7PtOO+jp+W 6gaHYKp1TSYPareexO9NcNd4QM6aWMjMqNgNqiPnggZ6We1Xc+eK7U7kmMpp3hee 7Jggk4oM7G7d8ld1KNW5lRvEGc15E39ZEstFP0UJ78qbHv0ROlh4xoD0lhkW00YB fC4P4RQE4nwCbDRC7hd2vNPPrSKu6IKo/rwTcGl7yPpi0oX1eTg0AYkaxd2MOTX8 o7NemE0CY01Y65Fev7Yir/WRBxuC1wfuJb1U91t8WblAejQV5bU= =z5M1 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org