How do I configure SNAT on IPTables

June 16, 2014 4k views
EmperorEarth
By:
EmperorEarth
Goal (for if you have a better solution than my idea): Securely host a purely golang backend webapp on a domain that people don't have to type ":port number" to access. My current situation: I am learning golang, and want to create a golang http-server. (Yes, I know about nginx & reverse-proxy) Right now, my golang's web servers are serving on nonprivileged ports, e.g. 8080, instead of port: 80. (I'd like not to run the golang http server as root to run on a privileged port, but that's just me) I was wanting my golang http server to serve to port 8080 , and have the IPTables monitor port 80 and redirect port 80 requests to my golang server @ 8080 via SNAT. Hopefully I'm making myself clear. I've read some documentation on it, but I'm better at learning by example. Also, with everything on one droplet, I don't need the entire address SNAT'd, just the ports. Relevant environment info: Ubuntu 14.04 x64 golang 1.2.2 putty as my ssh client limited ubuntu xp
Log In to Comment
3 Answers
EmperorEarth October 13, 2016
Accepted Answer

setcap 'cap_net_bind_service=+ep' /path/to/binary

  1. This command needs to be escalated. sudo as necessary
  2. Every new version of your program will result in a new binary that will need to be reauthorized by setcap

setcap documentation
cap_net_bind_service documentation

Reply
EmperorEarth June 16, 2014
Here's a temporary solution I worked out: Enter the following into console: sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 Source was: http://serverfault.com/questions/112795/how-can-i-run-a-server-on-linux-on-port-80-as-a-normal-user
Reply
EmperorEarth July 21, 2014

Still haven't received a more elegant solution.

I have SSL needs now too, so add a line into console:
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 10443

Reply
Have another answer? Share your knowledge.