Listen to Ports Below 1024

Updated at 2015-07-25 13:16

Most operating systems block listening to ports below 1024 for users that are not root. This makes hosting website using a non-root user a bit troublesome.

But you can host the server on a port above 1024, then route that port to any port below 1024 while root:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

iptables -t nat -n -L PREROUTING    # list the routings

# To remove routings...
iptables -t nat -D PREROUTING 1     # removes the top one
iptables -t nat -D PREROUTING 2     # removes the second one, etc.

These rules are removed on reboot. To apply them on reboot:

Fedora and Amazon Linux:

service iptables save


# Save the rules to a file
iptables-save > /etc/iptables-webserver.conf
# Create startup script
touch /etc/network/if-up.d/iptables
iptables-restore < /etc/iptables-webserver.conf
# Allow executing the file
chmod +x /etc/network/if-up.d/iptables