iptables can redirect port 80 to port 8080 but does not control outgoing packet headers
sudo /sbin/iptables -t nat -I PREROUTING -p tcp -dport 80 -j REDIRECT -to-port 8080 iptables -t nat -I OUTPUT -p tcp -dst 192.168.1.100 -dport 80 -j DNAT -to 192.168.1.100:8080 (secnod rule os for remapping connections originating inside the machine)
a better solution is authbind (the default for tomcat6)
The following was on Ubu 8.04 lts with tomcat 5.5 , tomcat6 comes with authbind by default
sudo apt-get install authbind
touch /etc/authbind/byport/80 chmod 500 /etc/authbind/byport/80 chown tomcat /etc/authbind/byport/80
DISABLE IPV6
sudo nano /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
/usr/local/tomcat/bin/tomcatenv
(sometimes as /usr/local/tomcat/bin/setenv.sh or /usr/local/apache-tomcat/bin/setenv.h) (apparently tomcat5 might have it in startup.sh)
CATALINA_OPTS="-Djava.net.preferIPv4Stack=true"
/usr/local/tomcat/bin/startup.sh
exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"
OLD: exec "$PRGDIR"/"$EXECUTABLE" start "$@"
tomcat runs on 8080 by default so you still have to configure it to try another port
$CATALINA_HOME\conf\server.xml
(also known as /usr/local/tomcat/conf/server.xml)
<Connector port="8080" ...
CHANGED TO
<Connector port="80" ...
Potentially need to disable IPv6 system wide by appending to /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
SECURITY CHECK
cat /etc/passwd #should display user tomcat cat /etc/group #should not display tomcat as an admin!
/etc/init.d/tomcat #startup script should not have an admin/root running startup.sh
lines should be more like
su -l tomcat /usr/local/tomcat/bin/startup.sh
if there's a mixup/misconfig...
sudo chown tomcat:tomcat -R /usr/local/tomcat sudo chown tomcat:tomcat -R /usr/local/tomcat/*
Servlet API is needed to compile Java servlet. Servlet API is not part of JDK (in Java EE) COPY the Servlet jar-file "$CATALINA_HOME\lib\servlet-api.jar" into your JDK's extension directory "$JAVA_HOME\jre\lib\ext" (where $JAVA_HOME is the JDK installed directory).
OR include the Servlet jar- file in the CLASSPATH.
"EchoServlet.java" and save it under your application's "WEB-INF\classes"
\WEB-INF\classes\EchoServlet.java". Compile the source into "EchoServlet.class".
To invoke the servlet, http://localhost:8080/ws/servlet/EchoServlet.
import java.io.; import javax.servlet.; import javax.servlet.http.*;
public class EchoServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
out.println("<html>");
out.println("<head><title>Servlet Test</title></head>");
out.println("<body>");
out.println("<p>Hello,</p>");
out.println("<p>Request URI: " + request.getRequestURI() + "</p>");
out.println("<p>Protocol: " + request.getProtocol() + "</p>");
out.println("<p>PathInfo: " + request.getPathInfo() + "</p>");
out.println("<p>Remote Address: " + request.getRemoteAddr() + "</p>");
out.println("</body>");
out.println("</html>");
} }
WINDOWS BASED (portable) tomcat
You can download the .zip (yes portable!) version of tomcat6 for windows
http://tomcat.apache.org/download-60.cgi
After extraction you can modify version.bat and startup.bat to include (near the top)
set JRE_HOME="c:\progra~1\java\jdk1.7.0"
NOTE: please replace the java location with your correct one (i.e. 1.6.0?)