1. As root, run the following commands, assuming the web server is listening on ports 8080 and 8443:
iptables -t nat -A PREROUTING -p tcp -d [IP address] --dport 80 -j DNAT --to-destination [IP address]:8080
iptables -t nat -A PREROUTING -p tcp -d [IP address] --dport 443 -j DNAT --to-destination [IP address]:8443
I like this format of the iptables command because, if the server is multihomed to serve multiple IP addresses, you can reuse these same commands for each IP address and make sure traffic for one IP address won't seep to the other.
2. Add these commands to the /etc/init.d/boot.local file to make sure they are executed on boot.
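As an added example (not the post's own script), here is a POSIX sh wrapper for steps 1 and 2 that applies the two DNAT rules for any number of addresses and skips rules that are already present, so it can be rerun from boot.local without stacking duplicate entries. It assumes an iptables that supports the -C (check) option; the IPTABLES variable and the 203.0.113.x documentation addresses are assumptions, not from the post.

```shell
#!/bin/sh
# Added example: idempotent port redirection with iptables DNAT.
# IPTABLES may be overridden (e.g. with a stand-in that only echoes) for a dry run.
IPTABLES="${IPTABLES:-iptables}"

# add_dnat IP FROM_PORT TO_PORT
# Appends a PREROUTING DNAT rule mapping IP:FROM_PORT to IP:TO_PORT,
# unless an identical rule already exists (-C returns 0 when it does).
add_dnat() {
  ip=$1
  from=$2
  to=$3
  if "$IPTABLES" -t nat -C PREROUTING -p tcp -d "$ip" --dport "$from" \
      -j DNAT --to-destination "$ip:$to" 2>/dev/null; then
    echo "already present: $ip:$from -> $ip:$to" >&2
  else
    "$IPTABLES" -t nat -A PREROUTING -p tcp -d "$ip" --dport "$from" \
      -j DNAT --to-destination "$ip:$to"
  fi
}

# redirect_web IP...
# For each address, map 80 -> 8080 and 443 -> 8443, the ports used in the post,
# so that each address only redirects traffic addressed to itself.
redirect_web() {
  for ip in "$@"; do
    add_dnat "$ip" 80 8080
    add_dnat "$ip" 443 8443
  done
}

# When run as a script (e.g. from boot.local), take the addresses as arguments
# and list the resulting nat PREROUTING rules for verification.
if [ "$#" -gt 0 ]; then
  redirect_web "$@"
  "$IPTABLES" -t nat -S PREROUTING
fi
```

Running it as `sh redirect.sh 203.0.113.10 203.0.113.11` (addresses are placeholders) adds four rules on the first run and none on subsequent runs.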
NOTE: iptables is primarily a firewall tool, so if an application running on the same box as the web server tries to call the box by its hostname or IP address, the call will fail, because iptables treats a source of localhost with a non-local destination as a spoof attempt. localhost-to-localhost invocation is allowed.
Friday, May 21, 2010