OCI SLBaaS: Configuring a listener on a restricted (443) port

There are three ways to configure a listener on a restricted port (for example 80 or 443) on Oracle Traffic Director (OTD).

Option 1: Use a non-restricted port, for example 8443, and redirect the restricted port to it with xinetd

Create a service file like the following example in the /etc/xinetd.d directory:

service otd
{
    type        = UNLISTED
    disable     = no
    socket_type = stream
    protocol    = tcp
    user        = root
    wait        = no
    port        = 443
    redirect    = 127.0.0.1 8443
}

Then restart xinetd:

# service xinetd restart

PS: To troubleshoot, run /usr/sbin/xinetd -d -dontfork


Option 2: Use a non-restricted port, for example 8443, and redirect the restricted port to it with iptables:

# /sbin/iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
# /sbin/iptables -t nat -A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 8443


Option 3: Make the portbind executable setuid root (chmod 4751) and use 443 directly as the listener port:

# chown root /u01/app/oracle/middleware/otd/lib/portbind
# chmod 4751 /u01/app/oracle/middleware/otd/lib/portbind

Option 3 may not persist across a system reboot on OCI Classic.
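An added example, not part of the original post: POSIX shell helpers that check, from captured text, which of the three options is in place for a public port. The function names, the sample xinetd stanza and the sample nat rules are constructed for this example; on a real host you would feed them the output of the commands named in the comments.

```shell
#!/bin/sh
# Added example, not from the original post: offline checks that report which of the
# three options fronts a public port. Inputs are plain text so the functions run against
# constructed samples; on a live host pass the real output of:
#   cat /etc/xinetd.d/otd, iptables-save -t nat, stat -c '%U %a' /u01/app/oracle/middleware/otd/lib/portbind

# Option 1: print the redirect target that xinetd text $1 configures for public port $2.
xinetd_redirect_target() {
  printf '%s\n' "$1" | awk -v want="$2" '
    /^[[:space:]]*port[[:space:]]*=/     { sub(/^[^=]*=[[:space:]]*/, ""); port = $0 }
    /^[[:space:]]*redirect[[:space:]]*=/ { sub(/^[^=]*=[[:space:]]*/, ""); target = $0 }
    END { if (port == want) print target }'
}

# Option 2: succeed when nat-table text $1 redirects tcp/$2 to local port $3.
nat_redirect_present() {
  printf '%s\n' "$1" | grep -Eq -e "^-A PREROUTING .*-p tcp .*--dport $2 .*-j REDIRECT --to-ports $3\$"
}

# Option 3: succeed when portbind owner $1 is root and octal mode $2 carries the setuid bit.
portbind_setuid_root() {
  [ "$1" = root ] || return 1
  case "$2" in [4567]???) return 0 ;; esac
  return 1
}

# Report the first mechanism found for public port $5 -> backend $6: xinetd, iptables, setuid or none.
which_option() {
  if [ "$(xinetd_redirect_target "$1" "$5")" = "127.0.0.1 $6" ]; then echo xinetd
  elif nat_redirect_present "$2" "$5" "$6"; then echo iptables
  elif portbind_setuid_root "$3" "$4"; then echo setuid
  else echo none
  fi
}

# Constructed samples (not captured from a real host).
SAMPLE_XINETD='service otd
{
    type        = UNLISTED
    socket_type = stream
    protocol    = tcp
    port        = 443
    redirect    = 127.0.0.1 8443
}'
SAMPLE_NAT='*nat
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT'

which_option "$SAMPLE_XINETD" "$SAMPLE_NAT" root 751 443 8443   # prints: xinetd
```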
