IPTables Port Forwarding on Virtual IP Doesn’t Work For Tomcat

February 2nd, 2009 by Andrew Chen

It is not really a problem specifically related to Tomcat.

It is just that I found this problem when I installed Tomcat and I couldn’t find a straight forward answer on the internet. The problem I encountered was basically that I want to configure Tomcat to run under non-root user and I could not use port 80 because the process listening on port 80 had to be running under root. I kept tomcat listening on its default port 8080 and used IPTables to set up port forwarding so that request on port 80 was forwarded to 8080.

I used the following command to set up the port forwarding rules.

iptables -t nat -I PREROUTING -d tomcat-listening-ip -p tcp –dport 80 -j REDIRECT –to-ports 8080.

It didn’t work. I did some test and later found that if the ip address that tomcat used was tied to the physical network interface eth0 then it worked. If the ip address was tied to virtual interface eth0:0 then it didn’t work. In the late case the following command will do the trick.

iptables -t nat -I PREROUTING -d tomcat-listening-ip -p tcp –dport 80 -j DNAT –to-destination tomcat-listening-ip:8080

Shell Script to Start Tomcat on Reboot Using Non-Root User

How to Connect to SQL Server Running on Non Standard Port

Can Not Connect to SQL Server Named Instance Remotely?

Trouble Shooting SQL Server Connection Problems, Tricks and Solutions

Development of The West District of Zhu Hai

Posted in System Admin | 4,064 views