Issue
On Fedora 24, a web server (Node.js) is running (standalone, no apache/others) on port 5000. Trying to making it accessible on port 80.
http://localhost:5000 works
Tried this:
systemctl stop firewalld
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5000
http://localhost doesn't work
Tried this
systemctl restart firewalld
firewall-cmd --add-service=http --permanent
firewall-cmd --zone=external --add-masquerade
firewall-cmd --zone=external --add-forward-port=port=80:proto=tcp:toport=5000
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000
firewall-cmd --list-all
FedoraWorkstation (active)
target: default
icmp-block-inversion: no
interfaces: wlp3s0
sources:
services: mdns ssh dhcpv6-client samba-client https http
ports: 1025-65535/tcp 1025-65535/udp
protocols:
masquerade: yes
forward-ports: port=80:proto=tcp:toport=5000:toaddr=
source-ports:
icmp-blocks:
rich rules:
Additional info Tried these
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 5000
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 5000
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
ifconfig
enp0s25: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ip route
default via 192.168.1.1 dev wlp3s0 proto static metric 600
192.168.1.0/24 dev wlp3s0 proto kernel scope link src 192.168.1.4 metric 600
For others it just works: Best practices when running Node.js with port 80 (Ubuntu / Linode)
Running node as root on port 80 works. Note, there's no IPv4:
netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:4433 0.0.0.0:* LISTEN 3977/deluge-gtk
tcp 0 0 0.0.0.0:51157 0.0.0.0:* LISTEN 3977/deluge-gtk
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 900/postgres
tcp 0 0 0.0.0.0:17500 0.0.0.0:* LISTEN 3203/dropbox
tcp 0 0 127.0.0.1:17600 0.0.0.0:* LISTEN 3203/dropbox
tcp 0 0 127.0.0.1:17603 0.0.0.0:* LISTEN 3203/dropbox
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::4433 :::* LISTEN 3977/deluge-gtk
tcp6 0 0 :::51157 :::* LISTEN 3977/deluge-gtk
tcp6 0 0 :::5432 :::* LISTEN 900/postgres
tcp6 0 0 :::17500 :::* LISTEN 3203/dropbox
tcp6 0 0 :::34017 :::* LISTEN 10532/code
tcp6 0 0 :::5858 :::* LISTEN 30394/node
tcp6 0 0 :::5000 :::* LISTEN 30394/node
Solution
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000 --permanent
#make port forwarding work on localhost
iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 5000
Answered By - Marius Answer Checked By - David Goodson (WPSolving Volunteer)