|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] iptables masquerading, port blocking and port forwarding
|
- From: "Sonny To" <son.c.to@gmail.com>
- To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
- Subject: Re: [PLUG] iptables masquerading, port blocking and port forwarding
- Date: Fri, 31 Aug 2007 22:36:36 -0400
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Uxth+DdDe7VgmPTWrr57Vwx1mcOYZCKlqpy5TAOpm0CX1mbuWaETB6m9vQQ/aZtZqWTIe40fvRTvWbKwbkagTRCwOKyb1vo79gyDmjdLgbIZ9N7NH/GOE1PtRd063782Kkckqw18ShoeCVuA5GQpicGWzAehB1OWBVPi+HvosRU=
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: plug-bounces@lists.phillylinux.org
On 8/31/07, Michael C. Toren <mct@toren.net> wrote:
> On Fri, Aug 31, 2007 at 09:33:36PM -0400, Sonny To wrote:
> > I want to run Jetty on port 80 instead of apache httpd but don't want
> > it to run as root.
> >
> > $IPTABLES -t nat -A PREROUTING -p tcp -i $EXTIF --dport 80 -j DNAT
> > --to 192.168.1.2:7070
> >
> > the above works if I did not have the below:
> >
> > $IPTABLES -A INPUT -j ACCEPT -p tcp --destination-port 80 -i $EXTIF
> > $IPTABLES -A INPUT -j DROP -p tcp -i $EXTIF
> >
> > How can I get port forwarding port 80 to port 7070 while blocking all
> > other ports?
>
> In addition to allowing port 80 specifically, also allow the port you're
> redirecting to; in this case, port 7070.
I want to forward not redirect. I want port 7070 blocked from the outside world.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|