Monday, February 24, 2014

Binding to restricted ports as a regular user

There are plenty of security reasons to avoid running applications and services as root, and that includes the times when you need to bind to a restricted port (anything below 1024, such as 80 for http or 443 for https). So what should you do? If you administer the system, use iptables, the built-in Linux firewall, to set up local port forwarding. Works perfectly on a Raspberry Pi running Raspbian.

The initial configuration needs root privileges: either prefix the commands with sudo as shown, or log in as root and run them without it.
sudo iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8443

These two rules redirect incoming TCP traffic for port 80 to 8080 and for port 443 to 8443. Your app can now bind to 8080 and/or 8443 without elevated privileges, and clients on the network still reach it on 80 and 443. Two caveats: the nat PREROUTING chain only sees packets arriving from other hosts, so a connection made from the Pi itself to localhost:80 is not redirected unless a matching rule is also added to the nat OUTPUT chain; and iptables rules live in the kernel only until the next reboot, so save them (for example with iptables-save) or re-apply them at boot. iptables covers IPv4 only; IPv6 needs the equivalent ip6tables rules.

It was the technique I used for the Google OAuth Reverse Proxy, a part of my Garage Door Opener architecture.

How do you undo? Run the same commands again with -D (delete) in place of -A (append); the rest of the rule specification must match exactly.
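The setup and teardown above, written as a small script. This is an added example, not code from the original post: it emits the PREROUTING rules from the post plus a loopback-only rule in the nat OUTPUT chain (so connections from the host itself are redirected too), guards each append with an iptables -C check so running it twice does not create duplicate rules, and generates the matching -D deletes. The script name portredir.sh, the DRY_RUN variable and the function names are assumptions, and it assumes an iptables build that supports -C.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent setup and teardown of
# the REDIRECT rules described above. It also adds the nat OUTPUT rule that
# PREROUTING never covers, so connections made from the host itself
# (localhost:80) reach the unprivileged port too. Assumes iptables with -C.
# Usage:  sudo ./portredir.sh up   |  sudo ./portredir.sh down
#         DRY_RUN=1 ./portredir.sh up     (print the commands only)

# Emit one nat-table rule.  $1 action (-A/-C/-D), $2 chain, $3 privileged
# port, $4 unprivileged port.  The OUTPUT rule is limited to the loopback
# interface so outbound connections to port 80 on other hosts are untouched.
redirect_rule() {
    iface=""
    [ "$2" = OUTPUT ] && iface="-o lo"
    echo iptables -t nat "$1" "$2" $iface -p tcp --dport "$3" -j REDIRECT --to-port "$4"
}

# Emit the append commands for port $1 -> $2, each guarded by a -C check so a
# second run does not insert duplicates (a duplicated -A needs two -D calls).
redirect_add() {
    for chain in PREROUTING OUTPUT; do
        echo "$(redirect_rule -C "$chain" "$1" "$2") 2>/dev/null || $(redirect_rule -A "$chain" "$1" "$2")"
    done
}

# Emit the matching deletes: identical rule spec, -D in place of -A.
redirect_del() {
    for chain in PREROUTING OUTPUT; do
        redirect_rule -D "$chain" "$1" "$2"
    done
}

# Run the emitted commands as root, or just print them when DRY_RUN is set.
run_rules() {
    if [ -n "${DRY_RUN:-}" ]; then
        cat
    elif [ "$(id -u)" -ne 0 ]; then
        echo "run as root (or with sudo)" >&2
        return 1
    else
        sh -e
    fi
}

case "${1:-}" in
    up)   { redirect_add 80 8080; redirect_add 443 8443; } | run_rules ;;
    down) { redirect_del 80 8080; redirect_del 443 8443; } | run_rules ;;
esac
```

The rules still disappear on reboot; run the script from a boot hook or save the result with iptables-save once it looks right.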
