将Web服务器从端口5000重定向到localhost(Fedora)上的端口80

时间:2017-05-09 06:54:31

标签: linux networking fedora firewall iptables

在Fedora 24上,一个Web服务器(Node.js)在端口5000上运行(独立,没有apache /其他)。尝试在端口80上访问它。

http://localhost:5000有效

试过这个:

systemctl stop firewalld
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 5000

http://localhost无法正常工作

试过这个

systemctl restart firewalld
firewall-cmd --add-service=http --permanent
firewall-cmd --zone=external --add-masquerade 
firewall-cmd --zone=external --add-forward-port=port=80:proto=tcp:toport=5000 
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000 
firewall-cmd --list-all
FedoraWorkstation (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp3s0
  sources: 
  services: mdns ssh dhcpv6-client samba-client https http
  ports: 1025-65535/tcp 1025-65535/udp
  protocols: 
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=5000:toaddr=
  source-ports: 
  icmp-blocks: 
  rich rules: 

其他信息 试过这些

sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -t nat --list

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 5000
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https redir ports 5000

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

ifconfig 
enp0s25: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

ip route 
default via 192.168.1.1 dev wlp3s0  proto static  metric 600 
192.168.1.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.1.4  metric 600

对于其他人,它只是起作用: Best practices when running Node.js with port 80 (Ubuntu / Linode)

在端口80上以root身份运行节点。请注意,没有IPv4:

netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 0.0.0.0:4433            0.0.0.0:*               LISTEN      3977/deluge-gtk     
tcp        0      0 0.0.0.0:51157           0.0.0.0:*               LISTEN      3977/deluge-gtk     
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      900/postgres        
tcp        0      0 0.0.0.0:17500           0.0.0.0:*               LISTEN      3203/dropbox        
tcp        0      0 127.0.0.1:17600         0.0.0.0:*               LISTEN      3203/dropbox        
tcp        0      0 127.0.0.1:17603         0.0.0.0:*               LISTEN      3203/dropbox        
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::4433                 :::*                    LISTEN      3977/deluge-gtk     
tcp6       0      0 :::51157                :::*                    LISTEN      3977/deluge-gtk     
tcp6       0      0 :::5432                 :::*                    LISTEN      900/postgres        
tcp6       0      0 :::17500                :::*                    LISTEN      3203/dropbox        
tcp6       0      0 :::34017                :::*                    LISTEN      10532/code          
tcp6       0      0 :::5858                 :::*                    LISTEN      30394/node          
tcp6       0      0 :::5000                 :::*                    LISTEN      30394/node     

2 个答案:

答案 0 :(得分:2)

firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --add-masquerade --permanent
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=5000 --permanent

#make port forwarding work on localhost
iptables -t nat -I OUTPUT --source 127.0.0.1 --destination 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 5000

答案 1 :(得分:0)

你应该避免使用iptables这样的事情,但在Fedora上你需要适当地设置防火墙。此问题也与Node.js

无关
firewall-cmd --add-service=http --permanent
firewall-cmd --reload

相关:https://unix.stackexchange.com/questions/39216/cannot-connect-to-fedora-on-port-80