Configure port 80 forwarding for a local Tomcat application in Linux

Source: Internet
Author: User
Goal: Tomcat is deployed locally on port 8080, and local access to port 80 is expected to reach the local Tomcat.

Conclusion: the iptables tool in Linux is used to implement the port forwarding.

1. Obtain root permission and run:

    iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-port 8080

   This rule stays in effect only until the next restart.

2. To make it take effect permanently (Ubuntu environment), run:

    iptables-save > /etc/iptables.rules

3. Create a bash script:

    #!/bin/bash
    iptables-restore < /etc/iptables.rules

   Save it to the /etc/network/if-pre-up.d/ directory, and you are done.

BTW: if you are configuring a server that is accessed externally, replace step 1 with:

    iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port

Experiments: these focus on the iptables rule added in step 1 above. After obtaining root permission, each of the following rules was tried.

1. iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8080

   Result: access to the local host is forwarded normally, but all accesses to the external network are also redirected to localhost:8080.
   Cause: when a local process sends a request, the packets it generates enter the OUTPUT chain. Because the destination port of the request is 80, the packet is redirected to 8080. Note that this applies to all packets, whatever their destination.

2. iptables -t nat -I OUTPUT -p tcp -s 127.0.0.1 --dport 80 -j REDIRECT --to-port 8080

   Result: access to localhost is forwarded normally, and access to the external network works normally.
   Cause: similar to the previous example, but the rule has one more condition: the source address of the packet must match -s 127.0.0.1. When the external network is accessed, the source address of the packet passing through this chain is the local IP address of the machine, not the loopback address (127.0.0.1). The rule therefore has no effect on external access.

3. iptables -t nat -I OUTPUT -p tcp -s <non-loopback NIC IP> --dport 80 -j REDIRECT --to-port 8080

   Result: access to localhost is not forwarded, and all accesses to the external network are redirected to localhost:8080.
   Cause: similar to the previous example; the rule matches the packets sent to the external network, so they are redirected.

4. iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-port 8080

   Result: access to localhost is forwarded normally, and access to the external network works normally.
   Cause: the rule matches the IP address of the local application, so only packets sent to the local application are redirected to 8080.

5. iptables -t nat -I OUTPUT -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport 80 -j REDIRECT --to-port 8080

   Result: access to localhost is forwarded normally, and access to the external network works normally.
   Cause: this is the combination of experiments 2 and 4.

6. iptables -t nat -I PREROUTING -p tcp -s 127.0.0.1 -d 127.0.0.1 --dport 80 -j REDIRECT --to-port 8080

   Result: access to localhost is not forwarded, and access to the external network works normally.
   Cause: a local connection is one that reaches a local port through 127.0.0.1 or the local IP address. Packets of a local connection do not pass through the NIC; the kernel processes them and delivers them directly to the local process. Such packets only traverse the OUTPUT chain in iptables, never the PREROUTING chain.
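The matching logic behind the six experiments can be reproduced with a small model. This is an added example, not part of the original article: the names, the two IP addresses and the inbound "remote->server" flow are constructed, and the PREROUTING rule for an externally accessed server is modeled with target port 8080 as an assumption.

```python
from dataclasses import dataclass
from typing import Optional

NIC_IP = "192.0.2.10"       # constructed: this host's non-loopback NIC address
REMOTE_IP = "198.51.100.7"  # constructed: some other host

@dataclass
class Packet:
    chain: str  # nat chain traversed by the first packet of the connection
    src: str
    dst: str
    dport: int

@dataclass
class Rule:
    chain: str                 # -I OUTPUT or -I PREROUTING
    src: Optional[str] = None  # -s (None matches any source)
    dst: Optional[str] = None  # -d (None matches any destination)
    dport: int = 80            # --dport
    to_port: int = 8080        # --to-port

def final_dport(rule: Rule, pkt: Packet) -> int:
    """Destination port of the packet after the REDIRECT rule is evaluated."""
    hit = (rule.chain == pkt.chain and rule.dport == pkt.dport
           and rule.src in (None, pkt.src) and rule.dst in (None, pkt.dst))
    return rule.to_port if hit else pkt.dport

# Locally generated packets traverse OUTPUT; packets arriving on the NIC
# traverse PREROUTING. Loopback traffic uses 127.0.0.1 as its source address.
FLOWS = {
    "local->localhost": Packet("OUTPUT", "127.0.0.1", "127.0.0.1", 80),
    "local->external": Packet("OUTPUT", NIC_IP, REMOTE_IP, 80),
    "remote->server": Packet("PREROUTING", REMOTE_IP, NIC_IP, 80),
}

RULES = {  # exp1..exp6 are the article's experiments; "server" is the BTW rule
    "exp1": Rule("OUTPUT"),
    "exp2": Rule("OUTPUT", src="127.0.0.1"),
    "exp3": Rule("OUTPUT", src=NIC_IP),
    "exp4": Rule("OUTPUT", dst="127.0.0.1"),
    "exp5": Rule("OUTPUT", src="127.0.0.1", dst="127.0.0.1"),
    "exp6": Rule("PREROUTING", src="127.0.0.1", dst="127.0.0.1"),
    "server": Rule("PREROUTING"),
}

def redirected(rule_name: str, flow_name: str) -> bool:
    return final_dport(RULES[rule_name], FLOWS[flow_name]) == 8080

if __name__ == "__main__":
    for name in RULES:
        print(name, {flow: redirected(name, flow) for flow in FLOWS})
```

Only exp4 and exp5 redirect the loopback request while leaving outbound port 80 traffic untouched, which is why step 1 uses the -d 127.0.0.1 form.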