port redirection, multiple IP addresses (or run on port 80)

Hi all. I have a problem (I am newbee in SuSE firewall0.

I do have a openSuse 11.4 and multiple IP addresses on eth0 interface

eth0, 10.5.6.11,10.5.6.12/10.5.6.13/10.5.6.14........

I run (trying to/have to) multiple TOMCAT servers. 

I am trying to have each tomcat instance listen to on separate IP
address
for example:
tomcat 1 - 10.5.6.11 - HTTP=8080 HTTPS=8443 
tomcat 2 - 10.5.6.12 - HTTP=8080 HTTPS=8443 

What i am trying to do is to redirect
a) tomcat 1 - 
10.5.6.11:80 to 10.5.6.11:8080
10.5.6.11:443 to 10.5.6.11:8443

a) tomcat 2 - 
10.5.6.12:80 to 10.5.6.12:8080
10.5.6.12:443 to 10.5.6.12:8443

and so on. 

I know that it has to be possible. 

I do have just eth0/

Is is it possible. 
Do I have to create "vittual interfaces"? eth0:1, .......... and do
redirection ?

"Server" has got just single interface - just 1 ethernet calbe goes to
that server. I am planning to have 10-15 tomcat's on that server (I have
to unfortunatley) and each has to run on port 80

Is it possible to "grant" permissions to normal users to run app on
port 80 - that would solve me lots of problems if impossible to
redirect. 


I tried to setcap 'cap_net_bind_service=+ep' /path/to/tomcat ...... but
no luck

Regards
kick_my_eye


-- 
kick_my_eye
------------------------------------------------------------------------



0
kick
4/7/2011 1:36:03 PM
opensuse.org.network-internet 6943 articles. 0 followers. Follow

7 Replies
907 Views

Similar Articles

[PageSpeed] 40

No additional interfaces required. It has been possible to bind multiple
addresses to one interface for a while now

Normal user cannot open port under 1024.

Make sure each tomcat listens on only one address. Then it's just a
matter of a redirect rule for each tomcat.


-- 
ken_yap
------------------------------------------------------------------------
ken_yap's Profile: http://forums.opensuse.org/member.php?userid=221
View this thread: http://forums.opensuse.org/showthread.php?t=457570

0
ken
4/7/2011 5:06:03 PM
With iptables rules using the REDIRECT target. You need one rule per
port and host, so 2 x number of tomcats.


-- 
ken_yap
------------------------------------------------------------------------
ken_yap's Profile: http://forums.opensuse.org/member.php?userid=221
View this thread: http://forums.opensuse.org/showthread.php?t=457570

0
ken
4/9/2011 1:36:02 PM
OK. No problem....
I can set <connector) to listen on specific IP. 
I have doen hat already. 
I have tomcat 1,2,3,4..... that listen on specific IP addresses and on
port 8080(http) and 8443(https). 
The problem i have is to resirect http(80) to 8080 and https(443) to
8443

I am not allowed use ports other than 80/448. It has to be http/https.
How can I redirect ports? 
Regards.


-- 
kick_my_eye
------------------------------------------------------------------------
kick_my_eye's Profile: http://forums.opensuse.org/member.php?userid=57340
View this thread: http://forums.opensuse.org/showthread.php?t=457570

0
kick
4/9/2011 1:36:02 PM
Hi there,

You are on the right path with setting the <connector> in your Tomcat
server.xml and defining the proxy settings in your httpd.conf.  (This is
a job for mod_jk and not for iptables, though I would just turn off your
firewall while you get the proxy set up to rule out any trouble, and
then turn it back on once you have the proxy redirection working.)

You will also need to make sure Apache has loaded an appropriate proxy
module - most likely mod_jk. This is a separate package from Tomcat, so
please make sure you have apache2-mod_jk installed as well, and the
module with then show up when you do apachectl -M

Don't forget to restart Tomcat / Apache when you make any changes to
their config files. 

LewsTherin


-- 
LewsTherinTelemon
------------------------------------------------------------------------
LewsTherinTelemon's Profile: http://forums.opensuse.org/member.php?userid=14043
View this thread: http://forums.opensuse.org/showthread.php?t=457570

0
LewsTherinTelemon
4/9/2011 2:06:02 PM
As usual there are many ways to do this. iptables is one way and avoids
running an Apache, unless you need one anyway for the main site. Another
way, as mentioned, is using mod_jk, which has the advantage that you can
set u load balancing if required. You can also use the ProxyPass and
ProxyReversePass directives in Apache to proxy to the tomcat.


-- 
ken_yap
------------------------------------------------------------------------
ken_yap's Profile: http://forums.opensuse.org/member.php?userid=221
View this thread: http://forums.opensuse.org/showthread.php?t=457570

0
ken
4/9/2011 2:36:04 PM
Ken_yap (as usual) is totally right - you can certainly use iptables
too, and as he says Apache is not even required then. There are some
benefits to either way really - you can try both and see what works best
for you.


-- 
LewsTherinTelemon
------------------------------------------------------------------------
LewsTherinTelemon's Profile: http://forums.opensuse.org/member.php?userid=14043
View this thread: http://forums.opensuse.org/showthread.php?t=457570

0
LewsTherinTelemon
4/9/2011 3:06:02 PM
Hi.
The problem was ...... SuseFirewall2 (some strange tool).
I used RDIRECT on specific IP and all works. I have 17 I_P addresses
and all work on port 80.
In TOMCAT's <connector> section i use address="xxx.xxx.xxx.xx" so each
TOMCAT listen on different interface.

Job done.

Thanks. 

Next thing is to investigate APACHE->TOMCAT connection.

Rrgards.


-- 
kick_my_eye
------------------------------------------------------------------------
kick_my_eye's Profile: http://forums.opensuse.org/member.php?userid=57340
View this thread: http://forums.opensuse.org/showthread.php?t=457570

0
kick
4/13/2011 8:06:01 AM
Reply:

Similar Artilces:

running on any other port than the default 80 port
I want to run my web page on any other port than default 80 port >> how can I do this ??   I am using visual studio 2003 c#.net 1.1 thanks in advance.. You need to change the port your website is running under.. For that you need to open the Internet Information Services MMC from Administrative tools under Control panel.. Then if you navigate to Default Website under websites.. you right click on the Default Website node to get Properties and under Website tab you can change the port numberKumar Reddi...

Using port 80 for the http port without running Jaguar as a root
Hi All, I'd like to use port 80 for the http port without running Jaguar as a root. Is it possible at all? If so, how? Thanks. WKhan Sybase Not sure if i understand you well but wouldnt setting http listener to listen on port 80 do the trick. Regards Tarik <wkhan@sybase.com> wrote in message news:170A5F90CBAEF363005F089F85256ABF.005F08B985256ABF@webforums... > Hi All, > > I'd like to use port 80 for the http port without running Jaguar as a root. > Is it possible at all? If so, how? > Thanks. > > WKhan > Sybase > Ta...

Cannot work on ports other than port 80?
I tried installing DotNetNuke on a webserver on port 81. It works fine only on the local machine itself but doesn't work when I tried to browse from another computer. Can DotNetNuke actually work on ports other than port 80? I tried running other asp.net apps on port 81 and they all work fine... What do I need to configure? Anyone please help? Thanks so much... You don't have something configure correctly........most web apps don't check which port they are residing on....and for the most part they really don't care.  Your webserver has to be configured to answer requests a po...

Source IP: Multiple IPs one Port
Ok. So I'm in the process of upgrading all the Cisco firewalls to IPFire. So far I've been getting compliments on how much faster the internet is. I didn't want to brag to them about how I invented it. It's our little secret. An interesting problem popped up in this: One client is using a spam filter service that forwards their email through 1 of 15 servers on a few different networks. I'm supposed to restrict permission on inbound port 25 to these 15 addresses or to those few networks. I could do it in GWIA but how does one do something like this in ...

Port 80 on Port Probe Page
I did a portscan on our server using the grc webpage. It used to show the status of port 80, but now it doesn't. Port 80 doesn't even appear in the list. Is port 80 no longer scanned in the port probe, (seems unlikely), or is something wierd happening. Any ideas would be greatly appreciated. Cheers Peter Burger Peter Burger <pburger@menziesworld.com> wrote: > I did a portscan on our server using the grc webpage. It used to > show the status of port 80, but now it doesn't. Port 80 doesn't even > appear in the list. Is port 80 no longer scann...

Port 443 and Port 80 Apache
Hi, My site runs on port 443 but I still want people to be able to access it if they type http:// instead of http*s*:// To that end I have been trying to redirect all http requests to http*s* using this rewrite rule Code: -------------------- RewriteEngine On RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^.*$ https://%{SERVER_NAME}[L,R] -------------------- However, it doesn't actually change the url to http*s*://. It loads the page using the DocumentRoot of the https connection but it doesn't change the URL. Any ideas? /Jlar -- eeijlar ...

Not going out Port 21 but Port 80...Why?
When I performed a LeakTest on my personal firewall Norton said that the program was going out on port 80. In the reading I did on grc's website it says that LeakTest is supposed to go out on port 21. Why then is it going out on port 80 and not port 21? Can anyone tell me why? Billy Read the last line on this page: http://grc.com/lt/history.htm -- JB Learn the Hazards http://www.staff.uiuc.edu/~ehowes/info17.htm "Billy" <big.tex@verizon.net> wrote in message news:9sub9n$13jc$1@news.grc.com... > When I performed a LeakTest on my personal firewall...

Web Apps
I am having problems with a new install of OES for Netware. I had a crashed server (6.0 sp5), I deleted the files out of DS per a "crashed" server TID. When I fixed the server (New Hard drives); I installed netware OES from scratch. When I point my browswer to http://Ip of server/ I get a page cannot be found. I can access https://IP:2200; it brings up a login screen then once I login, I get the new Welcome page with all the correct info on it. Most of the links will not open. I can also get to http://IP:8008/ which brings up the remote manager login. I've loo...

block all ports but port 80 with iptables (DMZ)
Hi, First let me explain my situation: I have a Suse 10.3 router with 4 network cards. 1 is to connect to the big network and thereby also the internet, 2 are for 'client' subnets and I want to use the last one as a DMZ. In this DMZ will be a web server which has to be accessible from the other 2 subnets and from the big network. I could do it with a few simple clicks in Yast firewall, but I have some issues with this firewall and there for I want to use it as minimal as possible, using Iptables. So now I'm struggling a bit with Iptables. Basicly what I'm looking...

Port 1036 Open and Port 80 closed?
Hi, I'm somewhat new to closing ports and all. But from Shieldsup, I saw that it can find Port 80, but it is closed. And it can also find Port 1036 and open. How can I either close or stealth 1036 and how can I stealth port 80? I know that when I check Port 1036, it says: pcg-radar RADAR Service Protocol That means what? And is having the ports stealth better than having them closed? Thanks P.S. I'm using ZoneAlarm and a Router. On Mon, 6 Jun 2005 21:09:41 -0400, Daniel O wrote: > Hi, I'm somewhat new to closing ports and all. But from Shieldsup, I saw ...

GW Webaccess on Port 80 and port 443
--____LPHMXLZMXOMRLFKSEJCW____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Is it possible to have GroupWise Webaccess setup to listen on both port 80 = and port 443 on the same server at the same time? If so, is there = anything special that needs to be done for this to happen? Thanks Andrew --____LPHMXLZMXOMRLFKSEJCW____ Content-Type: multipart/related; boundary="____WHPEPQYSAQXEHDGESJXG____" --____WHPEPQYSAQXEHDGESJXG____ Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: quoted-printable ...

Only one usage of each socket address (protocol/network address/port) is normally permitted
hello everybody,                         i am working on a project which uses socket programming.but when using the same socket for multiple number of times even after closing down the listener() at each time i use the socket.when i run the application it gives the error as the above.i am really worried about it.if somebody can helpme out.thanks in advance.ccreddy....

PORT 80 CONFLICT = PWS vs. IIS 5.1 -- Frontpage has detected a web server conflict on Port 80
Could someone tell me where I can fix the conflict on Port 80? I don't know how to get to this screen. All I want to do is start developing applications in .net. I am trying to create a new project in MS Visual Studio.net. However, I get this error: "frontpage has detected a web server conflict on Port 80, which has server extentions for the Frontpage Personal Web Server (PWS) but is running a Microsoft-IIS/5.1 server. Frontpage requires that you install the FrontPage Extensions on this new server before using it. Would you like to see help on how to do this?" I don...

IP address & Port
In a .pac file "Direct" can be used to make a direct connection. What should be mentioned in the proxy (IP) address and port of a localhost proxy software to make a direct connection to the net. Thanks for any replies and help. Brock ----------------------------------------- Outgoing mail is certified Virus Free. Checked by Norton Antivirus 2003, Definition 4th Feb-2004. In message <c87gsn$9vv$1@news.grc.com>, Brock <Sunpower650No_Spam_To@hotpop.com> writes >In a .pac file "Direct" can be used to make a direct connection. What should >be m...

Web resources about - port redirection, multiple IP addresses (or run on port 80) - opensuse.org.network-internet

URL redirection - Wikipedia, the free encyclopedia
URL redirection , also called URL forwarding , is a World Wide Web technique for making a web page available under more than one URL address. ...

Why should you use Komodia's Redirection SDK - YouTube
Things you should know before you try to develop your own: LSP ,TDI, WFP, NDIS solution Visit us at: http://www.komodia.com

Whan pledges funding for Queanbeyan roads, supports redirection of Ellerton extension money
Monaro candidate Steve Whan has pledged $17.3 million in additional road funding for Queanbeyan in the lead up to the NSW state election - without ...

Facebook tries to takeover the world with a redirection bug
Some of the biggest news sites in the world disappeared today when Facebook took over the internet with a redirection bug.

Matt Cutts : "Une redirection 301 ne génère pas de perte de PageRank"
Web Rank Info Matt Cutts : "Une redirection 301 ne génère pas de perte de PageRank" Abondance (Blog) Matt Cutts a publié hier une vidéo de ...

LED Cinema Display (27-inch), LED Cinema Display (24-inch, Late 2008): About headphone sound redirection ...
In certain situations, when you plug headphones into a Mac connected to an LED Cinema Display (24-inch, Late 2008) or LED Cinema Display (27-inch) ...

NASA announces details of its asteroid redirection mission
Today, NASA held a press conference in which it described the latest developments in its plan to return an asteroid to an orbit close enough ...

Google Hides Country Redirection Bypass Link
... see the link. Another option is to go to www.google.com/ncr, the same URL that used to the displayed by Google. "NCR" means "no country redirection", ...

Redirection for 2012 BW50
Redirection for 2012 BW50

redirection
Read all 'redirection' posts on .

Resources last updated: 12/16/2015 1:27:33 PM