setting up iptables to forward 80 (http) and 443 (https) to other ports

If you want to serve http content from application run by a non-root user, you can set up iptables to forward http and https ports to “user space ports”.

Setting up

Assuming your app uses port 8080 for http and 8081 for https, configure iptables as follows:

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8081

Saving and restoring

Test the configuration and if it works save it, e.g. with:

sudo iptables-save > /etc/iptables/rules

Now you have to add reading iptables configuration on system startup.
If your network is configured manually you can add iptables-restore < /etc/iptables/rules to your /etc/network/interfaces:

auto eth0
iface eth0 inet dhcp
        pre-up iptables-restore < /etc/iptables/rules

If your /etc/network/interfaces is generated automatically, you can create a new file in /etc/network/if-pre-up.d/ with following content:


iptables-restore < /etc/iptables/rules
exit 0