IPTables Forwarding Port 8080 to 80

MSF004 asked:

My hardware firewall has port 8080 open

My goal is to have my server receive the requests over 8080 and via iptables route the request to be handled by httpd.

This seems simple (in my head), but I am missing something.

Here are my IPTable Rules:

-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j DNAT --to-destination :80
:OUTPUT ACCEPT [87:12324]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited

When I attempt to request a site I am getting a 301 redirect and not the site (test via curl):

* About to connect() to server.domain.com port 8080 (#0)
*   Trying <ip addy>... connected
* Connected to server.domain.com (<ip addy>) port 8080 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/ Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: server.domain.com:8080
> Accept: */*
< HTTP/1.1 301 Moved Permanently
< Date: Wed, 08 Nov 2017 19:07:32 GMT
< Server: Apache/2.2.15 (CentOS)
< X-Powered-By: PHP/5.3.3
< Set-Cookie: cf7msm_check=1; path=/
< Set-Cookie: PHPSESSID=0lblsu0t9of4id2nraei0v7rb0; path=/
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Pragma: no-cache
< X-Pingback: http://server.domain.com/wp/xmlrpc.php
< Location: http://server.domain.com/
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=UTF-8
* Closing connection #0

HTTPD is setup to listen on 80.

The requests are getting to HTTPd, but for a reason I have not yet figured out, the requests are not getting the expected responses.

If I change everything to use straight port 80 everything works fine.

My answer:

Your 301 redirect is coming from WordPress. You need to put the correct port number in Settings > General if you intend to run WordPress on a nonstandard port.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.