Access Manager IDP Port Redirection Script for RHEL 7.x

In the Access Manager documentation the Port Redirection script works only on SUSE. I have modified the script and added a few more steps so that it runs on Red Hat 7.x, which uses systemd. Follow the steps below:

# vi /etc/init.d/AM_IDP_Redirect



Paste the following script, changing INTF and ADDR to the IDP server's network interface and IP address (take both values from the /sbin/ifconfig output):

#!/bin/sh
#
# /etc/init.d/AM_IDP_Redirect
#
### BEGIN INIT INFO
# chkconfig: 345 99 76
# Provides: idp_8443_redirect
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Redirect 8443 to 443 for Novell IDP
### END INIT INFO

# Environment-specific variables: set INTF and ADDR to the interface and
# IP address of the IDP server as reported by /sbin/ifconfig.
IPT_BIN=/usr/sbin/iptables
INTF=ens33
ADDR=172.17.5.170

# The SUSE rc.status helpers used by the original script do not exist on
# RHEL, so they stay commented out.
#. /etc/rc.status
#rc_reset

case "$1" in
start)
    echo "Starting IP Port redirection"
    # Note: this flushes every rule in the nat table, not only the ones below.
    $IPT_BIN -t nat --flush
    # Inbound connections arriving on $INTF for 80/443 are sent to the IDP's 8080/8443.
    $IPT_BIN -t nat -A PREROUTING -i $INTF -p tcp --dport 80 -j DNAT --to ${ADDR}:8080
    $IPT_BIN -t nat -A PREROUTING -i $INTF -p tcp --dport 443 -j DNAT --to ${ADDR}:8443
    # Locally generated connections to $ADDR never pass PREROUTING, so OUTPUT gets the same rules.
    $IPT_BIN -t nat -A OUTPUT -p tcp -d $ADDR --dport 443 -j DNAT --to ${ADDR}:8443
    $IPT_BIN -t nat -A OUTPUT -p tcp -d $ADDR --dport 80 -j DNAT --to ${ADDR}:8080
    #rc_status -v
    ;;
stop)
    echo "Flushing all IP Port redirection rules"
    $IPT_BIN -t nat --flush
    #rc_status -v
    ;;
restart)
    echo "Restarting the Port redirection script"
    $0 stop
    $0 start
    ;;
*)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
#rc_exit
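
The script above empties the whole nat table on start and stop, so on a host where firewalld, Docker or anything else also owns nat rules those rules disappear as well. The variant below is an added example, not the article's script or anything shipped with Access Manager: it keeps the same two redirections (80 to 8080, 443 to 8443 on the given interface and address) but places them in a dedicated chain (AM_IDP_REDIRECT, a name chosen here) hooked from PREROUTING and OUTPUT, so that stop removes only its own rules. INTF and ADDR default to the placeholder values used in the article and can be overridden from the environment; setting IPT_BIN=echo turns every call into a dry run that prints the rule instead of applying it, which is handy for reviewing what would be installed before running it as root.

```shell
#!/bin/sh
# Added example (not the article's script): 80->8080 and 443->8443 redirection
# kept in its own nat chain so that "stop" does not flush rules owned by other
# services. INTF/ADDR are the article's placeholders; CHAIN is a name chosen here.
# IPT_BIN=echo gives a dry run that prints the iptables arguments instead.

IPT_BIN="${IPT_BIN:-/usr/sbin/iptables}"
INTF="${INTF:-ens33}"
ADDR="${ADDR:-172.17.5.170}"
CHAIN="${CHAIN:-AM_IDP_REDIRECT}"

# Every call works on the nat table.
ipt() { "$IPT_BIN" -t nat "$@"; }

# (Re)build the chain from scratch, then hook it into PREROUTING (inbound on
# $INTF) and OUTPUT (locally generated traffic to $ADDR). Safe to run more than
# once: the jump rules are appended only if -C reports they are not yet present.
redirect_start() {
    ipt -N "$CHAIN" 2>/dev/null || ipt -F "$CHAIN"
    ipt -A "$CHAIN" -p tcp --dport 80  -j DNAT --to-destination "${ADDR}:8080"
    ipt -A "$CHAIN" -p tcp --dport 443 -j DNAT --to-destination "${ADDR}:8443"
    ipt -C PREROUTING -i "$INTF" -j "$CHAIN" 2>/dev/null ||
        ipt -A PREROUTING -i "$INTF" -j "$CHAIN"
    ipt -C OUTPUT -d "$ADDR" -j "$CHAIN" 2>/dev/null ||
        ipt -A OUTPUT -d "$ADDR" -j "$CHAIN"
}

# Unhook and delete only our chain; every other nat rule stays in place.
# The deletes may fail harmlessly when the chain was never installed.
redirect_stop() {
    ipt -D PREROUTING -i "$INTF" -j "$CHAIN" 2>/dev/null
    ipt -D OUTPUT -d "$ADDR" -j "$CHAIN" 2>/dev/null
    ipt -F "$CHAIN" 2>/dev/null
    ipt -X "$CHAIN" 2>/dev/null
    return 0
}

# Show the chain in iptables-save syntax; after a reboot the two DNAT lines
# should be present (equivalent to: iptables -t nat -S AM_IDP_REDIRECT).
redirect_status() { ipt -S "$CHAIN"; }

# Dispatcher, only used when the file is run with an argument
# (start/stop/restart/status), so sourcing the file defines the functions only.
if [ $# -gt 0 ]; then
    case "$1" in
        start)   redirect_start ;;
        stop)    redirect_stop ;;
        restart) redirect_stop; redirect_start ;;
        status)  redirect_status ;;
        *) echo "Usage: $0 {start|stop|restart|status}" >&2; exit 1 ;;
    esac
fi
```

The same systemd unit shown later in this article works unchanged with this script if ExecStart and ExecStop point at it; the difference is only what "stop" leaves behind in the nat table. To preview the rules without touching the kernel, run it as `IPT_BIN=echo sh AM_IDP_Redirect start`.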

Make the script executable using the command below:

# chmod +x /etc/init.d/AM_IDP_Redirect



Create a Service:

# vi /etc/systemd/system/AM_IDP_Redirect.service



Paste the unit definition below and save it:

[Unit]
Description=IDP Port Redirect
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/etc/init.d/AM_IDP_Redirect start
ExecStop=/etc/init.d/AM_IDP_Redirect stop
# systemd has no ExecRestart directive: "systemctl restart" runs ExecStop and
# then ExecStart. ExecReload is the directive that maps to "systemctl reload".
ExecReload=/etc/init.d/AM_IDP_Redirect restart
TimeoutStartSec=0

[Install]
WantedBy=multi-user.target



Reload systemd so it picks up the new unit file:

# systemctl daemon-reload



Enable the AM_IDP_Redirect service so it starts at boot:

# systemctl enable AM_IDP_Redirect

Created symlink from /etc/systemd/system/multi-user.target.wants/AM_IDP_Redirect.service to /etc/systemd/system/AM_IDP_Redirect.service.



Start the Service:

# systemctl start AM_IDP_Redirect



Verify using:

# iptables -t nat -nvL



Chain PREROUTING (policy ACCEPT 18 packets, 1296 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  ens33  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.5.170:8080
    0     0 DNAT       tcp  --  ens33  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.17.5.170:8443

Chain INPUT (policy ACCEPT 18 packets, 1296 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 4034 packets, 245K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            172.17.5.170         tcp dpt:443 to:172.17.5.170:8443
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            172.17.5.170         tcp dpt:80 to:172.17.5.170:8080



Reboot the server and run the iptables command above again; you should see the same rules.

Standard systemctl commands will also work:

    1. To stop the script
       # systemctl stop AM_IDP_Redirect

    2. To restart the script
       # systemctl restart AM_IDP_Redirect

    3. To start the script
       # systemctl start AM_IDP_Redirect

    4. To disable the script
       # systemctl disable AM_IDP_Redirect




As a fall-back you can also use the commands below:

    1. To stop the script
       # /etc/init.d/AM_IDP_Redirect stop

    2. To restart the script
       # /etc/init.d/AM_IDP_Redirect restart

    3. To start the script
       # /etc/init.d/AM_IDP_Redirect start




For troubleshooting, check the logs in /var/log/messages.

Ref: https://www.netiq.com/documentation/access-manager-44/install_upgrade/data/b6fyxpk.html#redirectscript

Comments
I have had success using firewalld to redirect ports:

firewall-cmd --zone=external --add-masquerade --permanent
firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
firewall-cmd --zone=public --add-forward-port=port=443:proto=tcp:toport=8443 --permanent
Sorry, the first command should be:

firewall-cmd --zone=public --add-masquerade --permanent
Last update: 2020-01-31 11:12