5 Replies Latest reply: Oct 29, 2004 6:21 AM by begemotic RSS

    SSL via HTTPS Standardport 443 / Redirect to 8443

    begemotic Newbie

      How can I configure JBoss 3.2.5, so I can access the SSL configured Tomcat container via Port 443, and have not to run JBoss as a system user with a userid below 1024? I must use the standard HTTPS port 443, because my external JBoss server is outside the company firewall and will run my browser from inside and outside this firewall. As a workaround I tried to use SSH local forwarding at the JBoss system with ssh -L 443:localhost:8443 localhost, but this doesn't work.
      How can I bind the privileged system port 443 to a non privileged port above 1024 (e.g. 8443)?
      The local firewall at the JBoss system allows only port 443 and 8443.

      Regards,

      Roland

        • 1. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
          Lance Nehring Newbie

          What operating system are you running? With Linux I use iptables to redirect port 443 to 8443 and run JBoss as a non-privileged user. This involves setting up iptables for destination NAT.

          r,
          Lance

          • 2. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
            begemotic Newbie

            Hi,
            currently I'm using SuSe 8.2, but I will switch to Debian30. Because I'm new to managing the firewall with iptables (I use the SuSe yast tool), it would be nice to have an initial help to build the filter tables for NAT.

            Regards,

            Roland

            • 3. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
              Lance Nehring Newbie

              I generally run some varient of RedHat Fedora, but it's still using iptables. I don't like the way iptables is setup on RedHat, so I generally replace the RC script at /etc/init.d/iptables with my own script/firewall rules.

              You'll need to load the "iptable_nat" kernel module to get the Network Address Translation. Then the forwarding rules look something like this (where "$IPADDR" is your IP address):

              ## Port forwarding 80 to 8080
              iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 80 \
               -j REDIRECT --to-ports 8080
              iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 80 \
               -j REDIRECT --to-ports 8080
              iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 80 \
               -j REDIRECT --to-ports 8080
              
              ## Port forwarding 443 to 8443
              iptables -t nat -A OUTPUT --destination localhost -p tcp --dport 443 \
               -j REDIRECT --to-ports 8443
              iptables -t nat -A OUTPUT --destination $IPADDR -p tcp --dport 443 \
               -j REDIRECT --to-ports 8443
              iptables -t nat -A PREROUTING --destination $IPADDR -p tcp --dport 443 \
               -j REDIRECT --to-ports 8443
              


              You'll have your other ingress and egress rules as you normally would. I can post a more complete script if you like that should be able to work on most any newer Linux using iptables.

              r,
              Lance

              • 4. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
                begemotic Newbie

                Hi Lance,

                it would be nice, if you can post the script. So I can perform the iptables setup faster.

                Regards
                Roland

                • 5. Re: SSL via HTTPS Standardport 443 / Redirect to 8443
                  begemotic Newbie

                  Hi Lance,

                  the port redirection works fine.

                  Regards,

                  Roland