Hi,

I've set up the classical port 80 to 8080 redirection with iptables:But this will only work for connections coming from the outside world. When telneting to localhost:80 I get "connection refused" errors.

The manpage for iptables hasn't helped me

The point of routing 80 to 8080 is usualy because you have a proxy in place and you want it to be transparent to the internet users.

Why don't you just use port 8080 internaly?

If iptables is still a little cryptic you could use a tool like shorewall which will make it a lot easier to manage your firewall.

-eco

Using port 8080 internally is a good idea, but this implies reconfiguring lots of different applications. A simple trick with iptables would allow me to do it only once and for all

I am wondering why you wouldn't just bind the (I'm assuming) web server to port 80 as well as port 8080 or set up the redirect in the web server configuration.

You're right that binding the web server to port 80 would be the normal thing to do. But my case is a particular one

My team of programmers is setting up a website with both apache tomcat and apache web server. For many reasons (specific to our web applications and too many to list them here) we have to use tomcat in front of apache (I know the standard thing would be the oposite), so running apache web server on port 80 would be a bad idea: users would connect directly to it without passing through tomcat. In a future setup apache web server may be moved to a different phisical host.

Tomcat can run on port 80 only with root privileges: this is a bad idea too.

My current setup is tomcat on port 8080 and apache web server on 8090, iptables redirects 80->8080. A redirection to 8090 is performed by web applications when required. Many web applications also open connections to localhost on port 80, I'd like to keep this setting for transparency reasons. But such loopback connections are not currently working

I finally solved it.

In addition to the previous rule the following command had to be run: