Learn how to forward ports with system tools.


Prerequisites

This article refers to censhare Web using the Jetty Webserver. The examples we provide can be used for any other service as well.

Example

As an example, the censhare Web Client listens on port 8888 by default, but you want it to be accessible on port 80. As port 80 is a protected port, our censhare default user corpus isn't permitted to start the Jetty Webserver on port 80. Jetty could be started as root instead, but since running it as root may result in a security issue, you may use redirection instead.

Redirect on Linux

You have two options for redirecting ports on Linux: IPTables and xinetd.

  • using IPTables
    For IPTables, you need a rule for every redirect. A redirect for port 80 to 8888 will look like the one below:

    iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8888
  • using xinetd
    With xinetd you don't need to take any other rules into account, as you do with IPTables, so xinetd is the preferred tool for redirects here.
    The configuration is done within /etc/xinetd.d/. The name of the config file is freely selectable. In our example, we will call it jetty_redirect.
    Note: even if /etc/xinetd.d exists, you may still need to install and activate the daemon.
    Example for redirecting port 80 to 8888:



    Type UNLISTED means that this type isn't known to the operating system. If you use TYPE http instead, you may also use TYPE = LISTED. A full list of known types can be found in /etc/services.
    The service name doesn't matter at all. 
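
The xinetd service file for the redirect described above, as an added example that is not part of the original article or censhare's own configuration: a small shell helper validates the ports and renders the stanza for port 80 to 8888. The target address 127.0.0.1 and the account nobody are assumptions.

```shell
#!/bin/sh
# Added example: render an xinetd service file that redirects one port to another.
# xinetd skips files in its include directory whose names contain a dot.

# is_port VALUE: succeeds only for an integer in 1..65535 without leading zeros.
is_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# render_redirect NAME LISTEN_PORT TARGET_HOST TARGET_PORT RUN_AS
# Prints the service stanza on stdout; returns 1 on an invalid port.
render_redirect() {
    is_port "$2" || { echo "invalid listen port: $2" >&2; return 1; }
    is_port "$4" || { echo "invalid target port: $4" >&2; return 1; }
    cat <<EOF
service $1
{
    type        = UNLISTED
    disable     = no
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = $5
    port        = $2
    redirect    = $3 $4
}
EOF
}

# install_redirect DIR NAME LISTEN_PORT TARGET_HOST TARGET_PORT RUN_AS
# Writes DIR/NAME via a dot-named temp file, so xinetd never reads a partial file.
install_redirect() {
    dir=$1; shift
    tmp=$(mktemp "$dir/.$1.XXXXXX") || return 1
    if render_redirect "$@" > "$tmp"; then
        chmod 0644 "$tmp" && mv "$tmp" "$dir/$1"
    else
        rm -f "$tmp"; return 1
    fi
}

# Demo with the article's ports; 127.0.0.1 and "nobody" are assumed values.
render_redirect jetty_redirect 80 127.0.0.1 8888 nobody
```

To install the file, run install_redirect /etc/xinetd.d jetty_redirect 80 127.0.0.1 8888 nobody as root and reload xinetd.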

Redirect on Solaris

On Solaris, IPNAT can be used for port forwarding.
You need to configure these rules within the IPNAT config file: /etc/ipf/ipnat.conf

# example 1
rdr srv0 213.95.221.36 port 80 -> 213.95.221.36 port 8888
rdr srv0 213.95.221.36 port 443 -> 213.95.221.36 port 30546

# example 2
rdr net1 213.95.221.36 port 80 -> 192.168.16.192 port 8888
rdr net1 213.95.221.36 port 443 -> 192.168.16.192 port 8443

The first example assumes the given IP is a public IP configured on this host. It redirects all incoming traffic for ports 80 and 443 to ports 8888 and 30546, respectively.
The second example shows that even a redirect between two different interfaces is possible. This configuration redirects ports 80 and 443 to the class C net, to ports 8888 and 8443, respectively.
IPNAT then has to be enabled using svcadm:

svcadm enable ipfilter