I recently set up Tomcat on Port 80 using instructions provided by Werner Puschitz. In essence, I had to execute these two iptables commands:
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
I achieved the goal in regard to Tomcat, but it screwed up some other things; for example, when I attempt to run `yum update yum`, I get the following errors:
http://mirror.stanford.edu/yum/pub/centos/5.5/addons/x86_64/repodata/repomd.xml: [Errno 4] IOError: <urlopen error (111, 'Connection refused')>
Trying other mirror.
http://mirrors.adams.net/centos/5.5/addons/x86_64/repodata/repomd.xml: [Errno 4] IOError: <urlopen error (111, 'Connection refused')>
etc...
WGET fails in similar fashion.
I know that the iptables rules are to blame because removing them fixed the problem with YUM and WGET. So, why are those rules screwing up YUM and WGET? I'm guessing it's the OUTPUT rule, right? What does it actually do, and why is it necessary? Is that nasty side-effect avoidable?
If you are running Tomcat on the server, it is the inbound traffic that needs to be redirected to port 8080 and not outbound.
The second rule redirects incoming requests on port 80 generated from the local node where Tomcat is running, as mentioned in the link. It is needed only if you want to access Tomcat on port 80 from within the server.
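The following is an added example, not part of the original thread: one way to keep local access to Tomcat on port 80 without capturing outbound HTTP is to limit the OUTPUT rule to the loopback interface with `-o lo`, and to check saved rules for the unscoped form. The function names and the sample `iptables-save` output are constructed for illustration; the ports are the ones from the question.

```shell
#!/bin/sh
HTTP_PORT=80
TOMCAT_PORT=8080

# Install the redirects (requires root). PREROUTING only sees packets that
# arrive from other hosts. OUTPUT sees every locally generated packet, so it
# is limited with "-o lo" to traffic this machine addresses to itself.
apply_rules() {
    iptables -t nat -I PREROUTING -p tcp --dport "$HTTP_PORT" \
        -j REDIRECT --to-ports "$TOMCAT_PORT"
    iptables -t nat -I OUTPUT -o lo -p tcp --dport "$HTTP_PORT" \
        -j REDIRECT --to-ports "$TOMCAT_PORT"
}

# Read rules in iptables-save format on stdin and print every OUTPUT REDIRECT
# rule that has no -o or -d match. Such a rule also rewrites requests to
# remote web servers, which is the yum/wget "Connection refused" failure.
# Negated matches ("! -o lo") are not analysed.
find_unscoped_output_redirects() {
    grep -e '^-A OUTPUT ' | grep -e '-j REDIRECT' \
        | grep -v -e ' -o ' -e ' -d ' || true
}

# Constructed sample of "iptables-save -t nat" output: the OUTPUT rule from
# the question followed by the loopback-scoped variant.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# "apply" installs the rules, "audit" checks the live nat table,
# anything else runs the check over the constructed sample.
case "${1:-sample}" in
    apply) apply_rules ;;
    audit) iptables-save -t nat | find_unscoped_output_redirects ;;
    *)     sample_rules | find_unscoped_output_redirects ;;
esac
```

Run without arguments, the script prints only the unscoped OUTPUT rule from the sample; the `-o lo` rule is not reported.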