Friday, November 30, 2012

How to redirect incoming TCP connections to other ports (Example : 80 to 8080)

 Hello Everybody,

Today, I will show you how I solved a problem which occurred when I started setting a java web application in a production server.
We all now that Apache Tomcat Server uses the 8080 port by default. So we have to add ":8080" every time to reach the application.

The solution is to replace the 8080 port by 80. There are two ways: 

  1. Configuring Apache Tomcat
  2. Redirect incoming TCP connections from 80 port to the 8080 one.
Below the command to redirect the incoming tcp connections :

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

I have no idea which is the best way to resolve such problem ( I think the first option is the cleanest). However, this method is the quickest because it saves you some minutes.

Good bye :-)

Friday, November 23, 2012

Check opened ports in Linux with nmap & netstat

Several times, I would know which are the opened ports in my Linux servers (yes I have many Linux servers :p ).

There are two good methods to check what ports are open in Linux :
  1. nmap : a port scanner
  2. netstat

nmap can be used to scan your machine to check opened ports.
Enter the following command to scan your computers machine:

nmap -sS -O

Once the scan has finished you will get the following ouput:

Starting nmap 3.70 ( ) at 2005-01-16 05:48 GMT
Interesting ports on localhost.localdomain (
(The 1656 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE22/tcp   open  ssh80/tcp   open  http443/tcp  open  https1241/tcp open  nessusDevice type: general purposeRunning: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 1.985 days (since Fri Jan 14 06:10:41 2005)
Nmap run completed -- 1 IP address (1 host up) scanned in 2.341 seconds

The second method consist in using netstat. netstat can show hidden ports and what programs using them. 

Type following command as root:

netstat -nap

It will show you the output of something similar to:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0   *                   LISTEN      5277/wish
tcp        0      0    *                   LISTEN      3920/mDNSResponder
tcp        0      0      *                   LISTEN      31438/nessusd: wait
tcp        0      0           ESTABLISHED 5062/xchat
tcp        0      0            ESTABLISHED 5277/wish
tcp        0      0                ESTABLISHED 5062/xchat
tcp        0      0 :::80                       :::*                        LISTEN      4355/httpd
tcp        0      0 :::22                       :::*                        LISTEN      32372/sshd
tcp        0      0 :::443                      :::*                        LISTEN      4355/httpd
udp        0      0    *                           3614/dhclient
udp        0      0  *                           3920/mDNSResponder

A quick post certainly, but I hope it would be useful for you.

PS: for more details try google :p

Good Bye ;-)