Brian Lewis <bsl04@xxxxxxxx> writes:

> I run a servlet container that wants to listen on TCP 8080. I want to
> redirect TCP 80 on my machine to 8080 on the same machine.
>
> If I do -t nat -I PREROUTING -i $IF -d $IP -p tcp --dport 80 -j REDIRECT
> --to-port 8080, it works in that I reach the 8080 server when I connect
> to 80.
>
> But I have to allow 8080 through. Is there a way to provide access to the
> 8080 server via port 80 without having to allow 8080?

Would the following work?

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
iptables -A INPUT -m mark --mark 1 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
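
An added example, not part of the original message: a simplified Python model of the order in which an inbound packet crosses the mangle PREROUTING, nat PREROUTING and filter INPUT chains, showing what the three proposed rules decide once REDIRECT has rewritten the port. The Packet class, the function names and the ACCEPT default policy are assumptions of the example, and the -i $IF -d $IP matches are taken as satisfied.

```python
# Simplified model (an assumption of this example) of the hooks an inbound
# packet crosses: mangle/PREROUTING -> nat/PREROUTING -> filter/INPUT.
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str
    dport: int
    mark: int = 0  # nfmark travels with the packet across tables


def mangle_prerouting(pkt):
    # iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
    if pkt.proto == "tcp" and pkt.dport == 80:
        pkt.mark = 1


def nat_prerouting(pkt):
    # iptables -t nat -I PREROUTING ... -p tcp --dport 80 -j REDIRECT --to-port 8080
    # (-i $IF -d $IP are assumed to match in this model)
    if pkt.proto == "tcp" and pkt.dport == 80:
        pkt.dport = 8080


def filter_input(pkt, policy="ACCEPT"):
    # iptables -A INPUT -m mark --mark 1 -j ACCEPT
    if pkt.mark == 1:
        return "ACCEPT"
    # iptables -A INPUT -p tcp --dport 8080 -j DROP
    if pkt.proto == "tcp" and pkt.dport == 8080:
        return "DROP"
    return policy  # chain policy is not given in the post; ACCEPT is assumed


def traverse(dport, proto="tcp"):
    """Return (verdict, destination port as seen by INPUT)."""
    pkt = Packet(proto, dport)
    mangle_prerouting(pkt)   # sees the original port, so 80 gets marked
    nat_prerouting(pkt)      # rewrites 80 -> 8080; the mark is untouched
    return filter_input(pkt), pkt.dport


if __name__ == "__main__":
    for port in (80, 8080, 22):  # constructed sample destination ports
        print(port, traverse(port))
```

By the time INPUT runs, both kinds of packet carry destination port 8080, so the mark set before the rewrite is the only thing that tells them apart, and the ACCEPT-on-mark rule has to precede the DROP.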