Is it possible to deterministically trace how port 80 is forwarded and where the configuration is on a given system?

Question

Is there a way to determine or trace how a port forwarding configuration is set up on a system running Ubuntu 14.04 LTS, on which there is a NodeJS service running and somehow accepting connections via port 80, although the service itself is running on port 8080, given that it's clear that port 80 connections are being handled by Apache (see details below)?

I have attempted to lsof -i :80 on the system, and according to lsof, there's no process running on port 80. Interestingly, though:

ubuntu@ip-***-**-**-***:~$ sudo netstat -anp | grep apache
tcp6       0      0 :::80                   :::*                    LISTEN      10197/apache2

I have dug into the apache configuration, after determining that it is located at /etc/apache2/apache2.conf and have not been able to find any VirtualHost records, ProxyPass, or anything of the sort.

I have also checked iptables -L just in case.

Would httpry or something like it help figure out the port forwarding configuration and what running processes are responsible for the port forwarding?

Answer 1

iptables -L wouldn't answer the question (this lists the iptables filter table); you'd want to look at the nat table by running iptables -t nat -L (or iptables -t nat -S, which produces output in the format of iptables-save which I find much easier to read).

Typically Apache reads more than just /etc/apache2/apache2.conf, also, so there may be additional Apache config files under /etc/apache2 that you should check.