普通用户从非80端口启动tomcat，通过端口转发监听80端口

linux下小于1024的端口都需要root去绑定。

root权限启动tomcat是不明智的，可以使用非root权限启动tomcat监听8080端口，然后利用端口转发实现对80端口的监听。

端口转发：

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

-A PREROUTING 添加新规则
-p 检查tcp协议
--dport 80 指定目标端口
-j REDIRECT 目标跳转
--to-prot 8080 指定源端口

 

As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):

# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).

 

to delete the above rule:

# iptables -t nat --line-numbers -n -L

This will output something like:

Chain PREROUTING (policy ACCEPT)num  target     prot opt source               destination         1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 80882    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080

The rule you are interested in is nr. 2, so to delete it:

# iptables -t nat -D PREROUTING 2

 

解决iptables重启后失效的问题：

iptables-persistent for Debian/Ubuntu
Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package with the name "iptables-persistent" which takes over the automatic loading of the saved iptables rules. To do this, the rules must be saved in the file /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6.
For use, the package must simply be installed.

# apt-get install iptables-persistent

然后使用 iptables-save (需要 root权限)就可以永久保存了，下次启动就会直接生效。