iptables redirected port 80 to 8080 - How to disallow direct access to port 8080?

I've routed all requests from port 80 to port 8080 for my Tomcat server using iptables.

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

Now http://mydomain.com/ works fine, but people can still access http://mydomain.com:8080. I see that on other sites this is not possible. Is there any way to disable direct access to port 8080 via the URL?


Solution 1:

When you access http://mydomain.com, does it rewrite the URL to http://mydomain.com:8080? If it does, I don't see how to make it work using purely iptables (because you will need the 8080 port to be open to answer the requests). I did a quick test here and the URL was being rewritten but it may be my site doing it.

That said, maybe it's better to put nginx or Apache with ProxyPass/ProxyPassReverse in front of your application to deal with URLs, with the plus of being able to use nginx's or Apache's URL rewrite, load balancing and other capabilities.
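
An added example, not part of the original question or answer: one way to keep the REDIRECT from the question while dropping connections made straight to port 8080 is to mark packets by their original destination port before NAT rewrites it. The mark value `0x1`, the helper name `gen_rules` and the `APPLY` variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: keep the 80 -> 8080 REDIRECT, refuse direct hits on 8080.
# Assumption: packet mark 0x1 is not used by any other rule on the host.

IFACE="${IFACE:-eth0}"   # interface used in the question
PUBLIC_PORT=80
BACKEND_PORT=8080
MARK=0x1

# Print the rule set, one iptables command per line, in the order to apply.
gen_rules() {
    # 1. mangle/PREROUTING runs before nat/PREROUTING, so the packet still
    #    has its original destination port here. Tag traffic sent to port 80.
    echo "iptables -t mangle -A PREROUTING -i $IFACE -p tcp --dport $PUBLIC_PORT -j MARK --set-mark $MARK"
    # 2. The redirect from the question, unchanged.
    echo "iptables -t nat -A PREROUTING -i $IFACE -p tcp --dport $PUBLIC_PORT -j REDIRECT --to-port $BACKEND_PORT"
    # 3. In filter/INPUT both kinds of traffic show destination port 8080;
    #    only the mark tells them apart. Drop packets that arrived unmarked.
    #    Matching on -i $IFACE leaves loopback access to 8080 untouched.
    echo "iptables -A INPUT -i $IFACE -p tcp --dport $BACKEND_PORT -m mark ! --mark $MARK -j DROP"
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to run them.
if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | while read -r rule; do $rule; done
else
    gen_rules
fi
```

This only filters at the packet level; if the application itself issues redirects to `:8080` URLs, as the answer above describes, clients following them will be dropped too.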