Normal user starts Tomcat from non-80 port and listens on port forwarding 80 port

A port of less than 1024 Linux requires root to bind.

Root permission to start Tomcat is unwise, you can use non-root permissions to start Tomcat listening on port 8080, and then use port forwarding to implement 80 port monitoring.

Port forwarding:

 the 8080

-A prerouting add a new rule
-P Check TCP protocol
--dport 80 specifying the destination port
-j REDIRECT Target Jump
--to-prot 8080 specifying the source port

As loopback devices (like localhost) does not use the prerouting rules, if you need to use localhost, etc., add this rule as Well (thanks @Francesco):

127.0. 0.1  the 8080

Note:the above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port You decide to use), thus intercepting the traffic. (Credits to CesarB).

To delete the above rule:

# iptables-t Nat--line-numbers-n-L

This would output something like:

 chain prerouting (policy ACCEPT) num target prot opt source Destinati On  1  REDIRECT TCP--0.0 . Span style= "color: #800080;"  >0.0 /0  0.0 . 0.0 /0  tcp dpt:8080  redir ports 8088   2  REDIRECT TCP--0.0 /0  0.0 . 0.0 /0  tcp dpt:80  redir ports Span style= "color: #800080;" >8080  
 

The rule is interested on is Nr. 2, so to delete it:

2

Resolves an issue that failed after iptables restart:

Iptables-persistent for Debian/ubuntu
Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package with the name "Iptables-persistent" which takes Over the automatic loading of the saved iptables rules. To does this, the rules must is saved in the file/etc/iptables/rules.v4 for IPv4 and/etc/iptables/rules.v6 for IPV6.
The package must simply is installed.

Install iptables-persistent

You can then use Iptables-save (which requires root privileges) to be permanently saved, and the next time you start it will take effect directly.

Normal user starts Tomcat from non-80 port and listens on port forwarding 80 port