DigitalOcean

Report this

What is the reason for this report?
Question

iptables nat port redirect loses POST parameters

Posted on October 24, 2014
alexbolboaca

By alexbolboaca

I have a Grails application deployed on glassfish on a droplet running Ubuntu Server. In order to make the domain work with the default http and https ports, I had to redirect the port 80 to 8080 and 443 to 8181 using iptables.

Unfortunately, something strange happens: on login, the username and password are correctly POST’ed by the client but they don’t reach the server application. Instead, the application redirects to the port 8181 and then everything works fine.

The problem seems therefore to be with the port forwarding somehow losing the POST parameters. I have no idea why this could happen.

Here is the script that I use to redirect the ports:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181

Any ideas why this happens and how I could fix it?

Thanks!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
alexbolboaca
alexbolboaca
October 28, 2014

I finally fixed the problem by using authbind instead.

Here’s the script:

user=user

touch  /etc/authbind/byport/80
chmod 500 /etc/authbind/byport/80 
chown $user /etc/authbind/byport/80 
touch /etc/authbind/byport/443
chown $user /etc/authbind/byport/443
chmod 500 /etc/authbind/byport/443

To work, you need to start the domain with:

authbind --deep asadmin start-domain domain
0
Andrew SB
Andrew SBDigitalOcean Employee badge
October 24, 2014

Not sure I know the answer to your question unfortunately. Though I might have a different solution to your problem. Is there a specific reason why you don’t change the port directly through Glassfish?

You can do this in the admin interface by going to Configurations -> server-config -> Network Config -> Network Listeners

You can accomplish the same thing on the command line. For instance, to bind http-listener-1 to port 80 run:

asadmin delete-network-listener http-listener-1
asadmin delete-protocol http-listener-1
asadmin create-http-listener --default-virtual-server server --listenerport 8081 --listeneraddress 0.0.0.0 http-listener-1

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.