I have GlassFish 6 running on a VPS (single machine), and it listens on ports 8080 (HTTP) and 8081 (HTTPS). Port unification is enabled so that 8080 is directed to 8081.
On my VPS I use ufw and have configured port forwarding/redirect from 80 -> 8080 and 443 -> 8081:

    # Port Forwarding
    -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
    -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
    -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8081
    -A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 8081

This only works when I open ports 8080 and 8081 in ufw as well.
Is it possible to have a local forward (of remote packets) to my ports 8080/8081 without opening these ports in ufw as well? From the outside, only 80 and 443 should be visible/open.
I tried this rule as well:

    -A PREROUTING -i venet0:0 -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8081

With the above, forwarding works as well, but port 8081 still has to be open in ufw.
I found this to allow remote packets to be directed to local interfaces as well:

    sysctl -w net.ipv4.conf.venet0.route_localnet=1

This does not work either when 8080 and 8081 are closed in ufw.
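
Added example, not part of the original post: the nat PREROUTING redirect rewrites the destination port before the packet reaches the filter INPUT chain, so ufw only ever sees 8080/8081. One way to keep those ports closed to direct connections is to accept them only when conntrack reports the connection as destination-NATed with an original port of 80/443. Assumptions: the rules live in /etc/ufw/before.rules, no `ufw allow 8080` or `ufw allow 8081` rule exists, and the conntrack match is available to the container's kernel.

```iptables
# /etc/ufw/before.rules (added example; layout and placement are assumptions)

# nat table: the TCP redirects from the question, unchanged
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8081
COMMIT

# filter table: add the two lines below inside the existing *filter section,
# before its COMMIT line.
#
# --ctstate DNAT       matches only connections whose destination was rewritten
#                      by a DNAT or REDIRECT rule
# --ctorigdstport N    matches the destination port the client originally used
#
# A client connecting straight to 8080 or 8081 has no NAT entry, so it does not
# match here and falls through to ufw's default incoming policy.
-A ufw-before-input -p tcp -m conntrack --ctstate DNAT --ctorigdstport 80 --dport 8080 -j ACCEPT
-A ufw-before-input -p tcp -m conntrack --ctstate DNAT --ctorigdstport 443 --dport 8081 -j ACCEPT
```

After reloading ufw, a connection from another host to port 80 or 443 should succeed, while a direct connection to 8080 or 8081 should be handled by the default incoming policy.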