
I have a VM where port 80 is consumed by Apache Tomcat (host.nvoids.com).

I also have Apache2/PHP running on port 8020, which serves a WordPress blog (host.nvoids.com:8020).

I want that when somebody hits my server at blog.nvoids.com, the request gets forwarded to 8020.

Please let me know if anything can be done with a rule-based port forwarding program?

Something like the below:

iptables -t nat -A PREROUTING -d blog.nvoids.com -p tcp -m multiport --dports 80,443 -j DNAT --to-destination blog.nvoids.com:8020

I did not try this, as I do not know how to turn off the above command.

Are there any rule names or numbers that can be assigned to iptables rules? And can I switch them on/off?

Regards

3 Answers

Edit /etc/apache2/sites-available/000-default.conf:

# Redirect all requests to the local Apache server to port 8020
RewriteRule ^.*$ http://%{HTTP_HOST}:8020%{REQUEST_URI}

apachectl restart

In addition, this port redirection is set up with the Apache module mod_proxy. For this, we should enable mod_proxy on the server. And forget about those iptables rules.

Ace

The canonical way to undo

iptables -t nat -A PREROUTING -d blog.nvoids.com -p tcp -m multiport --dports 80,443 -j DNAT --to-destination blog.nvoids.com:8020

is just to replace -A with -D (replace add with delete):

iptables -t nat -D PREROUTING -d blog.nvoids.com -p tcp -m multiport --dports 80,443 -j DNAT --to-destination blog.nvoids.com:8020

Kudos to you for being interested in "how can I break things and then clean up" and for providing an actual domain name.

Also, you say host.nvoids.com:8020, but your command says blog.nvoids.com:8020, possibly a mistake.

I don't think iptables/DNAT is going to work well for you. The reason is: with IP routing tables, the main thing to watch out for is that not only should packets go one way, but also that the resulting packets should return by (approximately) the same route. There is nothing in host.nvoids.com that would cause it to return the packets to the "iptables machine". The client doesn't expect to send a packet to one IP and receive a reply from a different IP - not workable.

Maybe use haproxy on blog.nvoids.com, or a similar uncomplicated reverse proxy?

kubanczyk

Yes, a reverse proxy is what I'm looking for. Can I use nginx like this - https://websiteforstudents.com/setup-nginx-reverse-proxy-apache2-ubuntu-17-04-17-10/ – Pradyut Bhattacharya Dec 10 '19 at 16:21

You can't do this with iptables; you need a reverse proxy.

iptables works at Layer 2/3/4 of the networking stack, however the HTTP Host header is not available at those layers, so iptables can't tell the difference between a packet on port 80 for foo.example.com and another packet for bar.example.com (assuming both sites resolve to the same IP address). All iptables sees is a packet destined to an IP address on port 80 (or port 443).

To use a reverse proxy, you will need to move Tomcat to another port (e.g., 8080), then configure your reverse proxy to accept connections on ports 80 and 443. The reverse proxy will examine the HTTP Host header of incoming connections and proxy the traffic to the appropriate upstream server (Tomcat or Apache2 in your case).

nginx is commonly used as a reverse proxy, but some other options include apache, haproxy and squid.

fukawi2
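An added example of the setup described in this answer, not taken from the thread (nginx chosen because the asker's follow-up comment mentions it). It assumes Tomcat has been moved to 127.0.0.1:8080 and the WordPress Apache stays on 127.0.0.1:8020, both bound to localhost only so they are reachable solely through the proxy; the certificate paths are placeholders for a cert covering both names.

```nginx
# Drop-in for /etc/nginx/sites-enabled/ (included inside the http{} context).
# Backends listen on localhost only; nothing outside reaches them directly.
upstream tomcat_backend { server 127.0.0.1:8080; }
upstream blog_backend   { server 127.0.0.1:8020; }

# Placeholder certificate covering host.nvoids.com and blog.nvoids.com;
# declared once here so every server block below inherits it.
ssl_certificate     /etc/ssl/certs/PLACEHOLDER-nvoids.pem;
ssl_certificate_key /etc/ssl/private/PLACEHOLDER-nvoids.key;

# Catch-all for requests whose Host header matches neither site (raw IP,
# scanner probes, typos). Without this, nginx would hand such requests to the
# first server block, i.e. Tomcat. 444 closes the connection with no response.
server {
    listen 80  default_server;
    listen 443 ssl default_server;
    server_name _;
    return 444;
}

# host.nvoids.com -> Tomcat (moved off port 80 to 8080 as the answer suggests)
server {
    listen 80;
    listen 443 ssl;
    server_name host.nvoids.com;
    location / {
        proxy_pass http://tomcat_backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# blog.nvoids.com -> Apache2/WordPress on 8020; the asker's original goal
server {
    listen 80;
    listen 443 ssl;
    server_name blog.nvoids.com;
    location / {
        proxy_pass http://blog_backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Check the routing before opening the firewall with `nginx -t` and then `curl -H 'Host: blog.nvoids.com' http://127.0.0.1/` versus `curl -H 'Host: unknown.example' http://127.0.0.1/` (the second should get an empty reply). WordPress also needs to know it sits behind a proxy (trusting X-Forwarded-Proto for its site URL), otherwise it will redirect back to :8020.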