I have a VPS which is accessible via hello.com, running Ubuntu and a minimal Python script that serves some HTML content. The Python script is listening on port 8069. hello.com:8069 works as expected, but I also need to access the Python script from port hello.com:80.
I've done some research, and apparently listening on ports under 1000 is only possible with root, which isn't an option for security reasons. The only real solution I've found is iptables port redirecting.
I've attempted to set up a REDIRECT rule in the nat table, but visiting hello.com:80 still gives me a timeout error.
Here's my /etc/iptables/rules.v4:
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8069
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8069 -j ACCEPT
COMMIT
I've followed a few guides, and set net.ipv4.conf.eth0.forwarding=1 and net.ipv4.ip_forward=1. Is there something I'm missing?
Server details:
root@hello.com:/# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
root@hello.com:/# iptables -V
iptables v1.4.21
root@hello.com:/# ufw version
ufw 0.34~rc-0ubuntu2
Copyright 2008-2012 Canonical Ltd.
root@hello.com:/# netstat -i
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2067 0 0 0 1879 0 0 0 BMRU
lo 65536 0 637 0 0 0 637 0 0 0 LRU
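An added example, not part of the original post: a simplified Python model of how an inbound packet traverses an iptables-save ruleset like the one above, showing that the nat PREROUTING REDIRECT rewrites the destination port before filter INPUT is evaluated. The names `parse`, `walk`, `trace` and the `STRICT` variant are hypothetical, and only the `-i`, `-p`, `--dport` and `-j` options are modelled.

```python
import shlex
# Constructed sample in iptables-save format, modelled on the ruleset in the post.
RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8069
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8069 -j ACCEPT
COMMIT
"""
# Constructed variant: default-drop INPUT that only opens the public port 80.
STRICT = RULES.replace(":INPUT ACCEPT", ":INPUT DROP").replace(
    "-A INPUT -p tcp -m tcp --dport 8069 -j ACCEPT\n", "")

def parse(text):
    """Parse into {table: {"policy": {chain: target}, "rules": [(chain, opts)]}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
                    if tok[i].startswith("-")}
            cur["rules"].append((tok[1], opts))
    return tables

def walk(table, chain, iface, proto, dport):
    """Return (target, opts) of the first matching rule, else the chain policy."""
    want = {"-i": iface, "-p": proto, "--dport": str(dport)}
    for ch, o in table["rules"]:
        if ch == chain and all(o.get(k, v) == v for k, v in want.items()):
            return o["-j"], o
    return table["policy"].get(chain, "ACCEPT"), {}

def trace(text, iface, proto, dport):
    """Follow an inbound packet: nat PREROUTING first, then filter INPUT."""
    t = parse(text)
    target, o = walk(t["nat"], "PREROUTING", iface, proto, dport)
    if target == "REDIRECT":          # destination port is rewritten here,
        dport = int(o["--to-ports"])  # so INPUT sees the new port, not 80
    return dport, walk(t["filter"], "INPUT", iface, proto, dport)[0]
```

Under a default-drop INPUT policy, the redirect target port (8069 here) is the one that has to be accepted, because INPUT never sees port 80 for redirected connections.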