I'm running Tomcat8 on CentOS7 in a Google VM instance on port 8080. I set up an iptables rule to map all external connections on port 80 to 8080:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
After that I save the rule with
service iptables save
Tomcat works fine and is accessible from outside via port 80.
The rule is saved in /etc/sysconfig/iptables.
...
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
...
But after a server reboot the rule is not applied.
It's still in the file /etc/sysconfig/iptables but not in action when I run iptables-save.
It seems that iptables rules are restored from somewhere else.
How can I persist the rule properly to preserve it after reboot?
In order to resolve the issue with iptables you can do the following:
yum install iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables
However, CentOS 7 now uses FirewallD instead. In order to apply the firewall, you first need to check which zones are available and which zones are active on FirewallD by running these commands:
firewall-cmd --list-all-zones
firewall-cmd --get-active-zones
If the public zone is active, for example, you can run these commands to enable port forwarding (port 80 to 8080 in your case):
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
Once done, you can reload the rules to make sure everything is OK by running this command:
firewall-cmd --reload
You can check man firewall-cmd for more information.
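The symptom described in the question (a rule still present in /etc/sysconfig/iptables but absent from iptables-save output after reboot) can be checked mechanically. The script below is an added example, not part of the original question or answer; the function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): report rules that exist in a
# saved ruleset but are missing from the live one. Both inputs must be in
# iptables-save format, e.g. /etc/sysconfig/iptables and `iptables-save` output.

# Print "<table> <rule>" for every -A line, so identical rule text in
# different tables (nat vs filter) is not confused.
normalize_rules() {
    awk '/^\*/ { table = substr($0, 2); next }
         /^-A / { print table, $0 }' "$1" | LC_ALL=C sort -u
}

# $1 = saved ruleset file, $2 = live ruleset dump. Prints saved-only rules.
missing_rules() {
    tmpdir=$(mktemp -d) || return 1
    normalize_rules "$1" > "$tmpdir/saved"
    normalize_rules "$2" > "$tmpdir/live"
    LC_ALL=C comm -23 "$tmpdir/saved" "$tmpdir/live"
    rm -rf "$tmpdir"
}

# Constructed sample data: the saved file from the question, and a live dump
# as it might look after a reboot where another service loaded the rules.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/saved" <<'EOF'
# constructed sample of /etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$d/live" <<'EOF'
# constructed sample of `iptables-save` output after reboot
*nat
:PREROUTING ACCEPT [12:720]
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    missing_rules "$d/saved" "$d/live"
    rm -rf "$d"
}

demo
```

On a real host, run `iptables-save > live.rules` as root and call `missing_rules /etc/sysconfig/iptables live.rules`; any line printed is a saved rule that was not loaded at boot.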