I saw in several venues that in order to run node as a user, and yet get it to listen to port 80, you can do a simple IPTables trick:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3000
I have a slightly different setup: the node server is bound to a specific IP address/port (66.XXX.YYY.3/8080) and I would like IPTables to ONLY do the redirect of port 8080 <-> port 80 for the IP 66.XXX.YYY.3.
Here is my iptables file at the moment:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Here is my ifconfig:
eth0 Link encap:Ethernet HWaddr 00:30:XX:XX:C1:0E
inet addr:216.XX.XX.208 Bcast:216.XX.XX.255 Mask:255.255.255.128
inet6 addr: fe80::230:48ff:fedd:c10e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20043263 errors:0 dropped:0 overruns:0 frame:0
TX packets:19346011 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2757738385 (2.5 GiB) TX bytes:20346229004 (18.9 GiB)
Interrupt:16 Memory:faee0000-faf00000
eth0:1 Link encap:Ethernet HWaddr 00:30:48:DD:C1:0E
inet addr:66.XXX.XXX.3 Bcast:66.XXX.255.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:16 Memory:faee0000-faf00000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:412293 errors:0 dropped:0 overruns:0 frame:0
TX packets:412293 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:56772773 (54.1 MiB) TX bytes:56772773 (54.1 MiB)
I have real servers bound to 216.XX.XX.208 (eth0's IP) running Apache.
I tried in a billion different ways, and never managed to only forward traffic for the eth0:1 interface, so that connecting to port 80 of 66.XXX.XXX.3 actually gets forwarded to port 8080 (where the daemon is running).
Question: What would iptables have to look like to solve this?
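One way to build the rule set the question asks for, as an added example that is not part of the original post or of any answer to it. Two points it relies on: netfilter does not see the alias name eth0:1 as an interface, so the redirect has to be restricted with `-d <address>` rather than `-i eth0:1`; and REDIRECT runs in the nat PREROUTING chain before the filter INPUT chain, so the redirected packet reaches INPUT with destination port 8080 and the filter table must accept that port, not only port 80. The script assumes the placeholder address 66.0.0.3 in place of the masked 66.XXX.XXX.3, the interface name eth0 from the ifconfig output, and the filter rules from the post; the `--ctorigdstport` conntrack match (which limits the 8080 accept to connections that were originally addressed to port 80) and the `iptables-restore --test` dry run are my additions.

```shell
#!/bin/sh
# Added example, not from the original post: generate an iptables-restore
# file that redirects port 80 to port 8080 only for one destination address,
# leaving port 80 on the other address (Apache) untouched.
# NODE_IP is a placeholder standing in for the post's masked 66.XXX.XXX.3.
NODE_IP="${NODE_IP:-66.0.0.3}"
PUB_PORT="${PUB_PORT:-80}"
APP_PORT="${APP_PORT:-8080}"

# build_rules <address> <public port> <application port>
# Prints a complete iptables-restore file (nat + filter tables) to stdout.
build_rules() {
    ip="$1"; pub="$2"; app="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Only packets addressed to $ip:$pub are rewritten; -d is what restricts the
# redirect, since netfilter has no notion of the alias name eth0:1.
-A PREROUTING -i eth0 -d $ip -p tcp --dport $pub -j REDIRECT --to-ports $app
# Locally generated packets never traverse PREROUTING; this keeps
# "curl http://$ip/" from the box itself consistent with outside clients.
-A OUTPUT -d $ip -p tcp --dport $pub -j REDIRECT --to-ports $app
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
# Port $pub on the other address still reaches Apache unchanged.
-A INPUT -p tcp -m tcp --dport $pub --syn -j ACCEPT
# The redirected packet arrives here with dport $app, so it must be accepted
# explicitly. --ctorigdstport only admits connections that were originally
# sent to port $pub, so the daemon is not reachable directly on $app.
-A INPUT -d $ip -p tcp -m tcp --dport $app --syn -m conntrack --ctorigdstport $pub -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# count_redirects <address> <public port> <application port>
# Returns the number of REDIRECT rules scoped to the address; useful as a
# sanity check that nothing broader than the one address is rewritten.
count_redirects() {
    build_rules "$1" "$2" "$3" | grep -c -- "-d $1 -p tcp --dport $2 -j REDIRECT"
}

# Print the file; pipe it into "iptables-restore --test" (as root) to have
# iptables parse it without committing, then into iptables-restore to apply.
build_rules "$NODE_IP" "$PUB_PORT" "$APP_PORT"
```

Save the output to a file and load it with `iptables-restore < file` (or wherever the distribution keeps the rules file shown in the post); `iptables-restore --test` first parses the whole file without touching the running tables, which catches a typo before it locks you out of port 22.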