Using iptables to redirect port 443 to 8443

This isn’t particularly rocket science, but if you’re running Tomcat, you often want to open the service on port 443 (or 80), but Tomcat defaults to 8443 (or 8080) because it doesn’t have the ability to start as root and then drop privileges like Apache does.

The easiest way to do this is to put in an iptables rule as follows:

-A PREROUTING -d 10.0.0.8/32 -p tcp -m tcp —dport 443 -j REDIRECT —to-ports 8443

I can’t believe I’ve never run into this before, but I recently had a problem with Atlassian’s Jira software, where a desktop “gadget” was making a REST call back to Jira itself.  This is simply an HTTPS request from within the machine itself.

The call uses the base URL configured within Jira, which is no big surprise.  However, on the local machine, instead of resolving from DNS like you expect, it resolves using /etc/hosts to 127.0.1.1 (localhost).  I tested this with a simple wget and realized that port 443 wasn’t even available on localhost.

No problem, I’ll just change the above rule to omit “-d 10.0.0.8/32” so that we’re not specific to a particular destination.  

No dice, though. Apparently connections to localhost don’t go through the PREROUTING chains.  I guess I need to go back and review my iptables documentation.

By adding the following line to cover internal requests, the gadget loaded fine.

-A OUTPUT -d 127.0.1.1/32 -p tcp -m tcp —dport 443 -j REDIRECT —to-ports 8443

Notes

  1. jeremyrnelson posted this