Shell script forwards port 80 packets

Development is based on Node. js WEB applications are very convenient, but the service port is very painful. Because Linux kernel requires that common users only use port numbers greater than 1024, so common users can run Node. the js service cannot listen to port 80. Note: Do not use the ROOT user to run Node. js service! This will lead to unpredictable security issues! However, port 80 is used for HTTP development based on Node. js WEB applications are very convenient, but the service port is very painful. Because Linux kernel requires that common users only use port numbers greater than 1024, so common users can run Node. the js service cannot listen to port 80. Note: Do not use the ROOT user to run the Node. js service! This will lead to unpredictable security issues!

However, the habit of using port 80 as the default HTTP port has continued since the MS era. What should I do? Some people talk about using NginX as a reverse proxy on the Internet. In fact, I don't think it is necessary to be so exaggerated. I just need to use the ROOT user to do a data forwarding between the common port and port 80, the iptables statement is as follows:

Copy the Code as follows: iptables-t nat-a prerouting-p tcp -- dport 80-j REDIRECT -- to-port your port number
Note the following when using the preceding statement:
1. This statement is temporary and becomes invalid after the server is restarted.
2. If you want to bind port 80 to another port after executing such statements, you must first use
Copy the Code as follows:
# View current port forwarding rules
Iptables -- line-numbers -- list PREROUTING-t nat

 

# Find the row number of the record bound to the forwarded port from the list output in the preceding statement, and delete the record with the following sentence to delete the forwarding, what hurts most is that you cannot specify the characteristics of a forwarding rule to delete a record. You can only tell it the number of rows deleted ".
Iptables-t nat-d prerouting row number

 

3. When using ArchLinux, do you need to note that the kernel lacks modules (iptables or nat ?) Instead of using the preceding statement to bind a forwarding port, You need to recompile the kernel or module.

For the above problem, I wrote a script to automatically delete records and bind records:

 

Copy the Code as follows :#! /Bin/bash
# Script school www.jbxue.com
If [$ # = 1]; then
If [$1-ge 0]; then
If [$1-le65535]; then

 

# Delete all old bindings
For line_num in $ (iptables -- line-numbers -- list PREROUTING-t nat | grep dpt: http | awk '{print $1 }')
Do
LINES = "$ line_num $ LINES"
Done
For line in $ LINES
Do
Iptables-t nat-d prerouting $ line
Done
Unset LINES

# Make a new binding
Iptables-t nat-a prerouting-p tcp -- dport 80-j REDIRECT -- to-port $1
Echo "Port 80 is bound with $1! "
Exit 1
Fi
Fi
Fi
Echo "Please input one port number! "

You only need to save the above Code as a file (such as bind80) and add the execution permission. Use the following command to clear the previous records and bind the new port for forwarding:
Copy the Code as follows:
Sudo bind80 port number