On Linux, binding to a port below 1024 requires root.
Starting Tomcat with root permissions is unwise. Instead, start Tomcat as a non-root user listening on port 8080, then use port forwarding so that it is reachable on port 80.
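Port forwarding:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
-A PREROUTING appends a new rule to the PREROUTING chain
-p tcp matches the TCP protocol
--dport 80 specifies the destination port
-j REDIRECT sets the jump target
--to-port 8080 specifies the port to redirect to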
Because loopback devices (like localhost) do not use the PREROUTING rules, add this rule as well if you need to reach the service through localhost (thanks @Francesco):
# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
Note: the above solution is not well suited to multi-user systems, as any user can open port 8080 (or any other high port you decide to use) and thus intercept the traffic. (Credits to CesarB.)
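An added example (not from the original page) of auditing for the risk in the note above: it reads `iptables -t nat --line-numbers -n -L` output, finds REDIRECT rules that target an unprivileged port, and checks through /proc/net/tcp whether the listener on that port runs under the expected service UID. The function names and the `tomcat` account name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example; function names are assumptions, not from the original page.

# Reads `iptables -t nat --line-numbers -n -L` output on stdin and prints
# "<chain> <num> <dport> <target-port>" for each REDIRECT rule whose target
# port is unprivileged (>= 1024), i.e. can be bound by any local user.
audit_redirects() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $2 == "REDIRECT" {
            dport = "-"; to = ""
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^dpt:/) dport = substr($i, 5)
                if ($i == "ports" && $(i - 1) == "redir") to = $(i + 1)
            }
            if (to + 0 >= 1024) print chain, $1, dport, to + 0
        }'
}

# Prints the UID of every LISTEN socket (state 0A) on port $1. Further
# arguments are /proc/net/tcp-format files; default is the live tables.
listener_uids() {
    port=$1; shift
    [ $# -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    awk -v hex="$(printf '%04X' "$port")" '
        $4 == "0A" { n = split($2, a, ":"); if (a[n] == hex) print $8 }
    ' "$@" 2>/dev/null | sort -u
}

# Compares each finding's listener UID with the service account UID $1.
# Prints OK / UNBOUND / FOREIGN per rule; returns 1 if any rule is not OK.
check_redirects() {
    want=$1; shift; rc=0
    findings=$(audit_redirects)
    [ -n "$findings" ] || return 0
    while read -r chain num dport to; do
        uids=$(listener_uids "$to" "$@" | paste -sd, -)
        case "$uids" in
            "$want") state=OK ;;
            "")      state=UNBOUND; rc=1 ;;
            *)       state=FOREIGN; rc=1 ;;
        esac
        echo "$state $chain#$num $dport->$to uid=${uids:-none}"
    done <<EOF
$findings
EOF
    return $rc
}
# Usage: iptables -t nat --line-numbers -n -L | check_redirects "$(id -u tomcat)"
```

An UNBOUND result matters as much as FOREIGN: while the service is down, the redirect target is free for any local user to bind.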
To delete the above rule:
# iptables -t nat --line-numbers -n -L
This would output something like:
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080
The rule we are interested in is number 2, so to delete it:
# iptables -t nat -D PREROUTING 2
Fixing the rules being lost after iptables restarts:
iptables-persistent for Debian/Ubuntu
Since Ubuntu 10.04 LTS (Lucid) and Debian 6.0 (Squeeze) there is a package named "iptables-persistent" which takes over the automatic loading of the saved iptables rules. To do this, the rules must be saved in the file /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6.
The package simply has to be installed.
# apt-get install iptables-persistent
You can then use iptables-save (which requires root privileges) to save the rules permanently, and they will take effect directly the next time the system starts.
A normal user starts Tomcat on a non-80 port, and port forwarding makes it reachable on port 80.