Good evening,
on a CentOS 7 LAMP (not gateway) dedicated server I am
using iptables-services with the following /etc/sysconfig/iptables:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports
25,80,443,8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags
FIN,SYN,RST,ACK SYN -m limit --limit 2/min --limit-burst 1 -j ACCEPT
COMMIT
Also I am running Jetty as user "nobody" at the port 8080 using
the /etc/systemd/system/websocket-handler.service file:
[Unit]
Description=WebSocket Handler Service
After=network-online.target
[Service]
Type=simple
User=nobody
Group=nobody
ExecStart=/usr/bin/java -classpath '/usr/share/java/jetty/*'
de.afarber.MyHandler 144.76.184.151:8080
ExecStop=/bin/kill ${MAINPID}
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
However I actually need my Jetty program to run at port 80 - so that users
behind corporate firewalls can connect too.
The Jetty doc at
https://www.eclipse.org/jetty/documentation/current/setting-port80-access.html
suggests to run the command
# iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
but I can not figure out the corresponding line for the
/etc/sysconfig/iptables
I have tried running the above command and then "iptables -S" to see the
added rule, but that didn't really work.
Thank you
Alex
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
