5 Replies. Latest reply: Oct 29, 2004 6:21 AM by begemotic

SSL via HTTPS Standardport 443 / Redirect to 8443

begemotic Newbie

How can I configure JBoss 3.2.5 so that I can access the SSL-configured Tomcat container via port 443 without having to run JBoss as a system user with a userid below 1024? I must use the standard HTTPS port 443, because my external JBoss server is outside the company firewall and I will run my browser from inside and outside this firewall. As a workaround I tried to use SSH local forwarding on the JBoss system with ssh -L 443:localhost:8443 localhost, but this doesn't work.
How can I bind the privileged system port 443 to a non-privileged port above 1024 (e.g. 8443)?
The local firewall at the JBoss system allows only port 443 and 8443.

Regards,

Roland

  • 1. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
    Lance Nehring Newbie

    What operating system are you running? With Linux I use iptables to redirect port 443 to 8443 and run JBoss as a non-privileged user. This involves setting up iptables for destination NAT.

    r,
    Lance

  • 2. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
    begemotic Newbie

    Hi,
    currently I'm using SuSE 8.2, but I will switch to Debian30. Because I'm new to managing the firewall with iptables (I use the SuSE YaST tool), it would be nice to have some initial help building the filter tables for NAT.

    Regards,

    Roland

  • 3. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
    Lance Nehring Newbie

    I generally run some variant of RedHat Fedora, but it's still using iptables. I don't like the way iptables is set up on RedHat, so I generally replace the RC script at /etc/init.d/iptables with my own script/firewall rules.

    You'll need to load the "iptable_nat" kernel module to get the Network Address Translation. Then the forwarding rules look something like this (where "$IPADDR" is your IP address):

    ## Port forwarding 80 to 8080
    iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 80 \
     -j REDIRECT --to-ports 8080
    iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 80 \
     -j REDIRECT --to-ports 8080
    iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 80 \
     -j REDIRECT --to-ports 8080
    
    ## Port forwarding 443 to 8443
    iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 443 \
     -j REDIRECT --to-ports 8443
    iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 443 \
     -j REDIRECT --to-ports 8443
    iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 443 \
     -j REDIRECT --to-ports 8443
    


    You'll have your other ingress and egress rules as you normally would. I can post a more complete script if you like that should be able to work on most any newer Linux using iptables.

    r,
    Lance
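
Added example, not part of Lance's post and not the script he offers: one way to apply the redirect rules above idempotently, so that re-running a firewall script does not append duplicates. The address 192.0.2.10, the `DRY_RUN` switch and all function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the script offered in the thread.
# IPADDR is a constructed documentation address; DRY_RUN=1 (the default here)
# prints the commands instead of running them, so no root is needed to try it.
IPADDR="${IPADDR:-192.0.2.10}"
DRY_RUN="${DRY_RUN:-1}"

# The three hook points used in the rules above, one "chain destination" per line:
# OUTPUT covers connections made on the box itself, PREROUTING those from outside.
nat_hooks() {
    printf '%s\n' "OUTPUT localhost" "OUTPUT $IPADDR" "PREROUTING $IPADDR"
}

# Accept only a decimal TCP port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Append a nat rule only if an identical one is not already loaded
# (-C/--check needs an iptables version that supports it).
ensure_rule() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables -t nat -A $*"
    elif ! iptables -t nat -C "$@" 2>/dev/null; then
        iptables -t nat -A "$@"
    fi
}

# redirect_port FROM TO: install the REDIRECT rule at each hook point.
redirect_port() {
    from=$1 to=$2
    if ! valid_port "$from" || ! valid_port "$to"; then
        echo "bad port pair: $from -> $to" >&2
        return 1
    fi
    nat_hooks | while read -r chain dest; do
        ensure_rule "$chain" --destination "$dest" -p tcp --dport "$from" \
            -j REDIRECT --to-ports "$to"
    done
}

setup_redirects() {
    [ "$DRY_RUN" = 1 ] || modprobe iptable_nat || return 1
    redirect_port 80 8080 && redirect_port 443 8443
}

setup_redirects
```

REDIRECT rewrites the destination port in the nat table before the filter table's INPUT chain sees the packet, so the INPUT rules have to accept tcp/8443 (and 8080), not only 443. The application port therefore also stays reachable directly, which matches the thread's firewall that allows both 443 and 8443.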

  • 4. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
    begemotic Newbie

    Hi Lance,

    it would be nice if you could post the script, so I can perform the iptables setup faster.

    Regards
    Roland

  • 5. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
    begemotic Newbie

    Hi Lance,

    the port redirection works fine.

    Regards,

    Roland