Why am I getting my Tomcat's welcome page when I try to open any other web page? [closed]

StackOverflow https://stackoverflow.com/questions/12949913

  •  08-07-2021

Question

Good day, I'm running Tomcat on my server on port 8080. Tomcat is accessible from the outside on port 80 and also from the server itself (I redirected ports using iptables). However, when I try to open any other web page (such as http://www.google.com etc.) in the web browser on the server, I'm getting my Tomcat's welcome page. It also doesn't help if I use an IP address instead. It seems there is something wrong with my iptables config:

# Generated by iptables-save v1.4.7 on Thu Oct 18 08:55:16 2012
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH - [0:0]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -m state --state INVALID -j DROP 
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j SSH 
-A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT 
-A INPUT -j DROP 
-A SSH -s 10.0.0.0/8 -j ACCEPT 
-A SSH -m limit --limit 5/sec --limit-burst 100 -j ACCEPT 
-A SSH -j DROP 
COMMIT
# Completed on Thu Oct 18 08:55:16 2012
# Generated by iptables-save v1.4.7 on Thu Oct 18 08:55:16 2012
*nat
:PREROUTING ACCEPT [810:128855]
:POSTROUTING ACCEPT [41:2705]
:OUTPUT ACCEPT [26:1805]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 
COMMIT
# Completed on Thu Oct 18 08:55:16 2012

Please advise. Many thanks in advance. Vojtech

EDITED:

So I found out that when I remove the following line it starts working. Could someone please explain what exactly this line does, so that I see my Tomcat's welcome page when opening, for example, the Google web page?

-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

Solution

The line you are asking about takes any packet on the OUTPUT chain with protocol TCP, headed out to destination port 80, and moves it to the REDIRECT chain, which is not what you want, because unless you also specify a destination IP with that rule, all HTTP requests will go to your Tomcat. When things come from a <local process>, you want them to go to the destination IP that they specify (google.com, etc.) and not redirect them to your local machine.

For reference:

chains and jumps in netfilter
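
The behaviour discussed above can be checked mechanically. The shell function below is an added example, not part of the original question or answer: it reads `iptables-save` output and flags nat OUTPUT rules that jump to REDIRECT or DNAT without any destination, output-interface or addrtype match. The function names and the `-o lo` scoping in the second ruleset are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save output for nat/OUTPUT rewrites that
# apply to every locally generated connection.

# Reads iptables-save text on stdin; prints one "UNSCOPED: <rule>" line per
# nat OUTPUT rule that jumps to REDIRECT or DNAT without a destination,
# output-interface or addrtype match.
audit_nat_output() {
    awk '
        /^\*/ { table = $1; sub(/^\*/, "", table) }   # "*nat" opens a table
        table == "nat" && $1 == "-A" && $2 == "OUTPUT" {
            target = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" || $i == "--jump") target = $(i + 1)
                if ($i == "-d" || $i == "--destination" ||
                    $i == "-o" || $i == "--out-interface" ||
                    $i == "--dst-type") scoped = 1
            }
            if ((target == "REDIRECT" || target == "DNAT") && !scoped)
                print "UNSCOPED: " $0
        }
    '
}

# nat table as posted in the question.
page_nat_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [810:128855]
:POSTROUTING ACCEPT [41:2705]
:OUTPUT ACCEPT [26:1805]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

# Constructed variant (assumption): OUTPUT rule limited to loopback traffic.
scoped_nat_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

page_nat_rules | audit_nat_output     # flags the OUTPUT rule
scoped_nat_rules | audit_nat_output   # prints nothing
```

The PREROUTING rule is never flagged because it only sees packets arriving from the network, while the nat OUTPUT chain sees every connection a local process opens.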

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow