iptables Port Redirection

On a Unix system, TCP and UDP between 1 and 1023 require root privileges. This means that any program wishing to bind to these ports must be run as root. While this is fine for trusted programs such as Apache and OpenSSH, I'd be weary of letting other programs run as root. This obviously means that you cannot use the standard ports, such as 80 for HTTP, 21 for FTP etc., which is inconvenient.

A way around this, is to run the process as a standard user, bind to any arbitrary unprivileged port, and redirect the port using the system's firewall, iptables, which will be running as root anyway.

For example, to redirect any traffic on port 80 to port 8080 on interface eth0, save the following to /etc/iptables.rules.

-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

And add the following pre-up line to /etc/network/interfaces.

auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules

You should now be able to access your program on both port 80 and 8080. I use this to have the XBMC web interface accessible on port 80, without having to run the whole program as root.

Leave a Reply