Linux – Run apache tomcat on port 80


By default apache tomcat runs on port 8080.

Instead of running tomcat on port 8080, we can also run it on port 80.

Run following command as root user in machine you want make tomcat to work on port 80.

$ iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination :8080

Above command is using Port Forwarding technique, where all requests coming to port 80 on eth0 are forwarded to port 8080.

Advantage of port forwarding technique is security. Since port numbers 0 to 1023 are privileged ports its not suggested to give direct access to no root users.

Now test tomcat on your machine with ip address or localhost



Either of the above command will get the response from  tomcat ROOT webapp.


(13)Permission denied: proxy: HTTP: attempt to connect to (localhost) failed

(13)Permission denied: proxy: HTTP: attempt to connect to (localhost) failed – this error is because of httpd/apache2 has been denied permission to connect to IP address and port.

Main reason for this error is SELinux. Here SELinux not permitting httpd/apache2 to make network connections.

To resolve it, you need to change an SELinux boolean value (which will automatically persist across reboots). You may also required to restart httpd/apache2 to reset the proxy worker, although this isn’t strictly required.

Run either of following command to allow SELinux to permit httpd/apache2 to make network connections:

$ /usr/sbin/setsebool httpd_can_network_connect 1


$ /usr/sbin/setsebool httpd_can_network_connect true

Then restart httpd/apache2.

Load iptables on boot Ubuntu


There is no iptables service avilable in Ubuntu like service iptables start and service iptables stop. Because of this we can’t start iptables boot.

There is small hack to start iptables on boot in Ubuntu/Debian. I will be explaining it here.

First write all you iptables rules in your Ubuntu machine.

Then save you need to save iptables rules in a text file with iptables-save command.

$ sudo iptables-save > iptables_rules

Copy or move iptables_rules file in to some directory (H ere I am using /etc/sysconfig/).

Now open /etc/network/interfaces to edit and add following line below iface lo inet loopback,  then save and exit.

pre-up iptables-restore /etc/sysconfig/iptables_rules

Now reboot and test for iptables rules.

To test run sudo iptables -L command, and you should see the rules you added.


Remove all iptables rules in Ubuntu

To remove/flush all iptables rules in your Ubuntu server/desktop you need to write small script with following content.

Open a file with name, and add below content to it

echo "Stopping firewall and allowing everyone..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT

Then run sh from your command line.

To conform the change run iptables -L and output appear like below without any rules.

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination