A TCP connection is always between two (not more) participants. Each one is identified with an IP address and a port. So in reality, when you are using a reverse proxy, you have:
- A connection between the client <client_IP>:<random_port> and nginx <server_public_IP>:80 through your physical interface.
- A connection between nginx 127.0.0.1:80 and Tomcat 127.0.0.1:8080 through the loopback interface.
There is no reason for a firewall to block communication on the loopback interface. So you probably want to allow incoming traffic with destination port 80 and 443 and outbound traffic with source port 80 and 443.
However, outbound traffic is usually not blocked (policy ACCEPT), so you just need the following iptables rules:
# loopback interface
iptables -A INPUT -i lo -j ACCEPT
# don't block existing traffic
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# the comment match needs --comment, otherwise iptables rejects the rule
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m comment --comment nginx -j ACCEPT
# Probably you want to allow ssh
iptables -A INPUT -p tcp --dport 22 -m comment --comment SSH -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
PS: You can also run Tomcat directly on ports 80 and 443 with the same firewall rules.
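As an added example (not part of the original answer), a small POSIX shell audit that checks an `iptables-save` dump against the points above: INPUT policy DROP, loopback accepted, ESTABLISHED/RELATED accepted, ports 80 and 443 accepted, and Tomcat's 8080 not accepted from any non-loopback interface. The two rulesets embedded in it are constructed samples, and `audit_rules` is a hypothetical helper name; on a real host feed it the output of `iptables-save`.

```shell
#!/bin/sh
# Added example, not from the original answer: audit an iptables-save dump for the
# reverse-proxy setup above (nginx on 80/443, Tomcat on 127.0.0.1:8080).
# Both rulesets below are constructed samples so the script runs offline;
# on a real host use:  audit_rules "$(iptables-save)"

GOOD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m comment --comment nginx -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment SSH -j ACCEPT
COMMIT'

# Constructed misconfiguration: default ACCEPT and Tomcat reachable on eth0.
BAD_RULES='*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'

# audit_rules RULESET -> prints one line per finding, returns 0 only if all checks pass
audit_rules() {
    rules=$1; status=0
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }

    has '^:INPUT DROP' \
        || { echo "FAIL: INPUT policy is not DROP (unlisted ports stay reachable)"; status=1; }
    has '^-A INPUT -i lo -j ACCEPT' \
        || { echo "FAIL: loopback not accepted; nginx cannot reach Tomcat on 127.0.0.1:8080"; status=1; }
    has '^-A INPUT .*conntrack .*ESTABLISHED.* -j ACCEPT' \
        || { echo "FAIL: no ESTABLISHED,RELATED rule; replies to outbound connections are dropped"; status=1; }
    has '^-A INPUT .*--dports (80,443|443,80) .*-j ACCEPT' \
        || { echo "FAIL: ports 80 and 443 are not accepted for nginx"; status=1; }
    # Tomcat must only be reachable over loopback: an ACCEPT for 8080 on another interface is a finding
    if printf '%s\n' "$rules" | grep -v -- '-i lo' | grep -Eq -- '^-A INPUT .*8080.* -j ACCEPT'; then
        echo "FAIL: Tomcat port 8080 is accepted from a non-loopback interface"; status=1
    fi
    return $status
}

audit_rules "$GOOD_RULES" && echo "good ruleset: all checks passed"
audit_rules "$BAD_RULES"  || echo "bad ruleset: the findings above are expected"
```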