On Sun, 13 Aug 2006 07:18:55 +0100 Graham Murray <graham@xxxxxxxxxxxxxx> wrote:

> Brian Lewis <bsl04@xxxxxxxx> writes:
>
> > I run a servlet container that wants to listen on TCP 8080. I want to
> > redirect TCP 80 on my machine to 8080 on the same machine.
> >
> > If I do -t nat -I PREROUTING -i $IF -d $IP -p tcp --dport 80 -j REDIRECT
> > --to-port 8080, it works in that I reach the 8080 server when I connect
> > to 80.
> >
> > But I have to allow 8080 through. Is there a way to provide access to the
> > 8080 server via port 80 without having to allow 8080?
>
> Would the following work?
>
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 1
>
> iptables -A INPUT -m mark --mark 1 -j ACCEPT
> iptables -A INPUT -p tcp --dport 8080 -j DROP

That in conjunction with the REDIRECT rule seems to work well. Thank you.
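The three rules from this thread, combined into one `iptables-restore` ruleset so the table order is visible (an added example, not part of the original messages). The function name `emit_ruleset`, the interface `eth0` and the address `192.0.2.10` are constructed placeholders, and the MARK rule is narrowed with the same `-i`/`-d` match as the original REDIRECT rule, which is an assumption beyond what was posted.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the mark + REDIRECT
# approach. Arguments: interface, local IP, public port, private port, mark.

emit_ruleset() {
    ifc="$1"; ip="$2"; pub="${3:-80}"; priv="${4:-8080}"; mark="${5:-1}"
    cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# mangle/PREROUTING runs before nat/PREROUTING, so dport is still $pub here.
-A PREROUTING -i $ifc -d $ip -p tcp --dport $pub -j MARK --set-mark $mark
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
# Rewrites the destination port; the packet mark survives the rewrite.
-A PREROUTING -i $ifc -d $ip -p tcp --dport $pub -j REDIRECT --to-ports $priv
COMMIT
*filter
:INPUT ACCEPT [0:0]
# By INPUT every packet shows dport $priv, so only the mark separates
# redirected traffic from direct connections. ACCEPT must precede DROP.
-A INPUT -m mark --mark $mark -j ACCEPT
-A INPUT -p tcp --dport $priv -j DROP
COMMIT
EOF
}

# Constructed sample values; to validate without applying, pipe the output
# into: iptables-restore --test
emit_ruleset eth0 192.0.2.10
```

Loading the output with `iptables-restore` replaces the existing contents of the three tables, so merge it with any rules already in use.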