Hello, I was able to port forward for a TCP socket server I am running on a droplet, however I cannot seem to do the same for my HTTP server. I used the following commands to allow access to my TCP server:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 37842 -j DNAT --to-destination 10.124.0.2:37842
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This allowed access for TCP connections on the port 37842 and I was able to connect to it. However, when I try to set up an HTTP server on port 8000, I get Not Found (404) errors. I try to access the HTTP server with http://<public-ip>:8000/ but am unsuccessful. I have tried different ways of using iptables to forward the port and get access to my application, but nothing seems to reach it. I am asking how to modify my iptables commands to allow access to my HTTP server from the public IP address when it is hosting off of http://10.124.0.2:8000/?
Thanks
Hey!
To allow access to your HTTP server running on a private IP (10.124.0.2) on port 8000 and make it accessible via the public IP of your droplet, you’ll need to set up similar iptables rules as you did for your TCP server, but specific to the HTTP service’s port.
Based on the iptables rules you’ve provided for your TCP server, here are the analogous rules for your HTTP server running on port 8000:
PREROUTING rule to forward the incoming traffic on port 8000 to your internal IP 10.124.0.2 on the same port:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8000 -j DNAT --to-destination 10.124.0.2:8000
POSTROUTING rule to masquerade the outgoing packets:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Note: The MASQUERADE rule you’ve already set should cover this, so you might not need to add it again.
After applying these rules, try accessing your HTTP server using http://<public-ip>:8000/. If it’s still not accessible, here are a few things to check:
Firewall: Ensure there are no additional firewall rules blocking access to port 8000. If you’re using ufw or another firewall, you might need to allow traffic on port 8000.
ufw allow 8000/tcp
HTTP Server Configuration: Make sure your HTTP server is configured to listen on 10.124.0.2:8000. You can check this by accessing the HTTP server directly from the droplet itself or by checking the server’s configuration files.
Check HTTP Server Logs: The server logs might provide insights into why the requests are resulting in 404 errors. It could be related to the server’s configuration or the requested resources not being available.
Best,
Bobby
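An added example, not part of either post above: a 404 is an HTTP-level reply, so it helps to separate "no DNAT rule for the port" from "an HTTP server answered" before changing more rules. The script parses `iptables-save -t nat` output for the DNAT target of a port, flags rules that were appended more than once, and combines the result with the status code curl reports. The function names (`dnat_target`, `duplicate_rules`, `diagnose`) are hypothetical, and the sample rule dump is constructed from the addresses and ports in this thread.

```shell
#!/bin/sh
# Added example. SAMPLE_RULES is constructed `iptables-save -t nat` output that
# reuses the addresses and ports from this thread; on a live host pipe in the
# real output instead:  iptables-save -t nat | dnat_target 8000
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 37842 -j DNAT --to-destination 10.124.0.2:37842
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 10.124.0.2:8000
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Print the DNAT destination of the first PREROUTING rule matching --dport $1.
dnat_target() {
  awk -v port="$1" '
    $1 == "-A" && $2 == "PREROUTING" {
      dport = ""; dest = ""; jump = ""
      for (i = 3; i < NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "--to-destination") dest = $(i + 1)
        if ($i == "-j") jump = $(i + 1)
      }
      if (jump == "DNAT" && dport == port) { print dest; exit }
    }'
}

# Print rules that occur more than once (each repeated -A appends another copy).
duplicate_rules() { grep '^-A ' | sort | uniq -d; }

# Combine the rule check with the status code from
#   curl -s -o /dev/null -w '%{http_code}' http://<public-ip>:PORT/
# (curl reports 000 when it received no HTTP response at all).
diagnose() {  # usage: diagnose PORT HTTP_CODE < rules
  _dest="$(dnat_target "$1")"
  if [ -z "$_dest" ]; then echo "no-dnat-rule"
  elif [ "$2" = "000" ]; then echo "no-http-response dnat=$_dest"
  elif [ "$2" = "404" ]; then echo "http-server-answered dnat=$_dest"
  else echo "http-$2 dnat=$_dest"; fi
}

printf '%s\n' "$SAMPLE_RULES" | diagnose 8000 404
printf '%s\n' "$SAMPLE_RULES" | duplicate_rules
```

When the result is `http-server-answered`, the next comparison is the same curl request against http://10.124.0.2:8000/ from the droplet, to see whether the application itself returns the 404.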