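On Linux, binding to any port below 1024 requires root.
Starting Tomcat with root privileges is unwise. Instead, start Tomcat as a non-root user listening on port 8080, then use port forwarding to serve port 80.
Port forwarding: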
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
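-A PREROUTING  append a new rule to the PREROUTING chain
-p tcp  match the TCP protocol
--dport 80  specify the destination port
-j REDIRECT  jump to the REDIRECT target
--to-port 8080  specify the origin port (the port traffic is redirected to)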
As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):
# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).
To delete the above rule:
# iptables -t nat --line-numbers -n -L
This will output something like:
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080
The rule you are interested in is nr. 2, so to delete it:
# iptables -t nat -D PREROUTING 2
Fixing the problem of iptables rules being lost after a reboot:
iptables-persistent for Debian/Ubuntu
Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package with the name "iptables-persistent" which takes over the automatic loading of the saved iptables rules. To do this, the rules must be saved in the file /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6.
To use it, simply install the package.
# apt-get install iptables-persistent
Then use iptables-save (requires root) to save the rules permanently; they will take effect automatically on the next boot.
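
The NOTE above warns that any local user can bind the high port a redirect points at. As an added example (not part of the original post), this shell function reads rules in iptables-save format and lists every REDIRECT from a privileged port to an unprivileged one; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit nat-table REDIRECT rules given in iptables-save format on stdin.
# Prints "CHAIN dport -> target" for each rule that redirects a privileged
# port (<1024) to an unprivileged port (>=1024), which any local user may bind.
# On a live system (as root): iptables-save -t nat | audit_redirects
audit_redirects() {
    awk '
    $1 == "-A" {
        chain = $2; dport = ""; to = ""; redirect = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            # iptables-save prints --to-ports; accept the short spelling too
            if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
        }
        # "+ 0" forces a numeric comparison; a range such as 80:90 compares by its first port
        if (redirect && dport != "" && to != "" && dport + 0 < 1024 && to + 0 >= 1024)
            print chain, dport, "->", to
    }'
}

# Constructed sample: the rules from this page as iptables-save would print them
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 8088
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
EOF
}

sample_rules | audit_redirects
```

Each line it prints names a target port that should be checked for its actual listener and owning user.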