5 Replies Latest reply on Oct 29, 2004 6:21 AM by begemotic

    SSL via HTTPS Standardport 443 / Redirect to 8443

    begemotic

      How can I configure JBoss 3.2.5 so that I can access the SSL-configured Tomcat container via port 443 and not have to run JBoss as a system user with a userid below 1024? I must use the standard HTTPS port 443, because my external JBoss server is outside the company firewall and I will run my browser from inside and outside this firewall. As a workaround I tried to use SSH local forwarding on the JBoss system with ssh -L 443:localhost:8443 localhost, but this doesn't work.
      How can I bind the privileged system port 443 to a non-privileged port above 1024 (e.g. 8443)?
      The local firewall on the JBoss system allows only ports 443 and 8443.

      Regards,

      Roland

        • 1. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
          nehring

          What operating system are you running? With Linux I use iptables to redirect port 443 to 8443 and run JBoss as a non-privileged user. This involves setting up iptables for destination NAT.

          r,
          Lance

          • 2. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
            begemotic

            Hi,
            currently I'm using SuSE 8.2, but I will switch to Debian30. Because I'm new to managing the firewall with iptables (I use the SuSE YaST tool), it would be nice to have some initial help building the filter tables for NAT.

            Regards,

            Roland

            • 3. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
              nehring

              I generally run some variant of RedHat Fedora, but it's still using iptables. I don't like the way iptables is set up on RedHat, so I generally replace the RC script at /etc/init.d/iptables with my own script/firewall rules.

              You'll need to load the "iptable_nat" kernel module to get the Network Address Translation. Then the forwarding rules look something like this (where "$IPADDR" is your IP address):

              ## Port forwarding 80 to 8080
              iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 80 \
               -j REDIRECT --to-ports 8080
              iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 80 \
               -j REDIRECT --to-ports 8080
              iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 80 \
               -j REDIRECT --to-ports 8080
              
              ## Port forwarding 443 to 8443
              iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 443 \
               -j REDIRECT --to-ports 8443
              iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 443 \
               -j REDIRECT --to-ports 8443
              iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 443 \
               -j REDIRECT --to-ports 8443
              


              You'll have your other ingress and egress rules as you normally would. I can post a more complete script if you like that should be able to work on most any newer Linux using iptables.

              r,
              Lance
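
An added example, not part of the thread and not Lance's script: REDIRECT in the nat PREROUTING chain rewrites the destination port before the filter INPUT chain sees the packet, so INPUT has to accept 8443 for remote clients connecting to 443. The sketch below audits `iptables-save` output for that combination; the function names, the sample dump and the address 192.0.2.10 are constructed, and only plain `--dport` matches are recognised.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (192.0.2.10 is a documentation address).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
COMMIT
EOF
}

# audit_redirect PUBLIC_PORT BACKEND_PORT  (reads an iptables-save dump on stdin)
# Exit status 0 only if remote traffic is redirected AND INPUT accepts the backend port.
audit_redirect() {
    awk -v from="$1" -v to="$2" '
        /^\*/      { table = substr($0, 2); next }   # "*nat", "*filter" start a table
        $1 != "-A" { next }                          # skip policies, COMMIT, comments
        {
            chain = $2; dport = ""; target = ""; toports = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport")    dport   = $(i + 1)
                if ($i == "-j")         target  = $(i + 1)
                if ($i == "--to-ports") toports = $(i + 1)
            }
            if (table == "nat" && target == "REDIRECT" && dport == from && toports == to) {
                if (chain == "PREROUTING") pre = 1   # connections arriving from the network
                if (chain == "OUTPUT")     out = 1   # connections made on the host itself
            }
            if (table == "filter" && chain == "INPUT" && target == "ACCEPT" && dport == to)
                inp = 1                              # INPUT sees the rewritten port
        }
        END {
            print "remote_redirect="       (pre ? "ok" : "missing")
            print "local_redirect="        (out ? "ok" : "missing")
            print "input_accepts_backend=" (inp ? "ok" : "missing")
            exit !(pre && inp)
        }'
}

sample_ruleset | audit_redirect 443 8443
```

On a live host the same function can be fed from `iptables-save` run as root instead of the constructed sample.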

              • 4. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
                begemotic

                Hi Lance,

                it would be nice if you could post the script, so I can perform the iptables setup faster.

                Regards
                Roland

                • 5. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
                  begemotic

                  Hi Lance,

                  the port redirection works fine.

                  Regards,

                  Roland