Maybe I didn't understand correctly. You're wanting to redirect
traffic received on eth0 port 80 to port 8080. Is this correct?
"iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-ports 8080"
If so, then you wouldn't expect to see any traffic on eth0 port 8080
(neither coming or going), right?
Bill
On 10/4/2012 9:36 PM, Mark Space wrote:
I don't understand this comment:
"If you get traffic on port 8080 then you have an iptables
problem."
Wouldn't it be the opposite? If I DON'T have traffic on port
8080, I have problems with iptables. But maybe I misunderstand
how iptables or tcpdump work.
On 10/4/2012 4:52 PM, Bill Shirley wrote:
Check your listen statement in /etc/httpd/conf/httpd.conf. It
should be:
Listen 8080
If that is correct, run tcpdump (ctrl+c to quit) and then try
externally connecting :
tcpdump -n -i eth0 port 80 or port 8080
If you get traffic on port 8080 then you have an iptables
problem.
Bill
On 10/4/2012 3:45 PM, Mark Space
wrote:
Hi all, I'm having a bit of trouble setting up a new web
server. The last time I set up up it went smoothly, but for
some reason I can't connect to the HTTP port on this one.
Any clues what I'm missing?
I can:
1. SSH into my server from an external workstation.
2. Ping my server by DNS name from an external workstation.
3. I can load the default web page when I'm SSH'd in, this
works fine:
$ wget localhost
--2012-10-04 17:44:35-- http://localhost/
Resolving localhost... 127.0.0.1
Connecting to localhost|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2432 (2.4K) [text/html]
Saving to: âindex.html.1â
100%[======================================>] 2,432 --.-K/s in 0s
2012-10-04 17:44:35 (183 MB/s) - âindex.html.1â
However, I cannot connect via HTTP externally, even using the
IP address:
4. Unable to connect Firefox can't establish a connection to
the server at 54.243.205.88.
I'm not sure where I could have fubared this. I did try to
redirect the ports from 80 to 8080, perhaps that was done
incorrectly?
[ec2-user@domU-12-31-39-0A-A0-29 ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[ec2-user@domU-12-31-39-0A-A0-29 ~]$ sudo iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 21 packets, 1608 bytes)
pkts bytes target prot opt in out source destination
150 7600 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 8080
Chain INPUT (policy ACCEPT 171 packets, 9208 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 45 packets, 3625 bytes)
pkts bytes target prot opt in out source destination
2 120 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 8080
0 0 REDIRECT tcp -- * * 0.0.0.0/0 10.211.163.215 tcp dpt:80 redir ports 8080
Chain POSTROUTING (policy ACCEPT 47 packets, 3745 bytes)
pkts bytes target prot opt in out source destination
I thought this should be exactly the same as the last time I
did it, so I don't know why it wouldn't work.
Here's the script I used to set up the iptables:
iptables -t nat -A OUTPUT -d localhost -p tcp --dport 80 -j
REDIRECT --to-ports 8080
iptables -t nat -A OUTPUT -d 10.211.163.215 -p tcp --dport 80
-j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-ports 8080
/etc/init.d/iptables save
/etc/init.d/iptables restart
I'm completely at a loss how to troubleshoot this further, any
advice is much appreciated.
|
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
