Setting up iptables to forward 80 (http) and 443 (https) to other ports

Binding ports below 1024 normally requires root privileges. If you want to serve http content from an application run by a non-root user, you can set up iptables to forward the http and https ports to “user space ports”.

Setting up

Assuming your app uses port 8080 for http and 8081 for https, configure iptables as follows:

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8081

Saving and restoring

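Test the configuration from another machine, since PREROUTING rules do not apply to connections that originate on the host itself. If it works, save it. The output redirection has to run as root as well, so run the whole command in a root shell, e.g.:

$ sudo sh -c 'iptables-save > /etc/iptables/rules'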
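
Because -A appends, running the two commands above more than once leaves duplicate rules that are then saved. The check below is an added example, not part of the original post: it parses a file in iptables-save format and confirms that each redirect appears exactly once in the nat table's PREROUTING chain. The function names, the script file name and the sample data are constructed for illustration.

```shell
#!/bin/sh
# count_redirects FILE DPORT TOPORT
# Print how many nat/PREROUTING rules redirect tcp DPORT to TOPORT.
count_redirects() {
    awk -v dport="$2" -v toport="$3" '
        /^\*/ { table = substr($0, 2) }   # table header: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            p = ""; d = ""; j = ""; t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") j = $(i + 1)
                # iptables-save prints --to-ports; accept --to-port as well
                if ($i == "--to-ports" || $i == "--to-port") t = $(i + 1)
            }
            if (p == "tcp" && d == dport && j == "REDIRECT" && t == toport) n++
        }
        END { print n + 0 }
    ' "$1"
}

# check_rules FILE: succeed only if each redirect appears exactly once.
# 0 means the rule was never saved; 2 or more means the -A commands
# were run repeatedly before saving.
check_rules() {
    rc=0
    for pair in 80:8080 443:8081; do
        n=$(count_redirects "$1" "${pair%%:*}" "${pair##*:}")
        if [ "$n" -ne 1 ]; then
            echo "tcp ${pair%%:*} -> ${pair##*:}: $n rule(s), expected 1" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in iptables-save format (not captured from a real host).
write_sample() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8081
COMMIT
EOF
}

# Usage (check.sh is a hypothetical file name): sh check.sh /etc/iptables/rules
if [ -n "${1:-}" ]; then check_rules "$1"; fi
```

A non-zero exit status means the saved file should be regenerated from a clean rule set before it is restored at boot.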

Next, have the saved rules loaded at system startup.
If your network is configured manually, you can add iptables-restore < /etc/iptables/rules as a pre-up command in your /etc/network/interfaces:

auto eth0
iface eth0 inet dhcp
        pre-up iptables-restore < /etc/iptables/rules

If your /etc/network/interfaces is generated automatically, you can create a new executable file in /etc/network/if-pre-up.d/ with the following content:

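#!/bin/bash

# Load the saved rules before the interface comes up.
iptables-restore < /etc/iptables/rules
# Always report success so a failed restore does not block the interface.
exit 0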