Port Forwarding on Linux: Redirecting Port 80 to Another Local Port Without NAT


When you need to redirect traffic from port 80 to another port on the same Linux machine, traditional NAT solutions might not be available or appropriate. This commonly occurs when:

  • Running multiple web services on different ports
  • Developing applications that need to avoid root privileges for port 80
  • Maintaining legacy systems with port requirements

For modern Linux systems, iptables provides the most robust solution:


# REDIRECT hands the connection to a local socket, so IP forwarding
# (net.ipv4.ip_forward) does not need to be enabled for this rule

# Redirect port 80 to 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

# Make the change persistent
sudo apt-get install iptables-persistent  # Debian/Ubuntu
sudo netfilter-persistent save

When iptables isn't available or feasible, socat offers a flexible alternative:


# Install socat if needed
sudo apt-get install socat

# Forward port 80 to 8080 (binding a port below 1024 requires root or CAP_NET_BIND_SERVICE)
sudo socat TCP4-LISTEN:80,fork TCP4:localhost:8080

Create a reliable auto-start service:


# /etc/systemd/system/portforward.service
[Unit]
Description=Port 80 to 8080 Forwarder
After=network.target

[Service]
ExecStart=/usr/bin/socat TCP4-LISTEN:80,fork TCP4:localhost:8080
Restart=always

[Install]
WantedBy=multi-user.target

Modern systems with firewalld can implement this with:


sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
sudo firewall-cmd --runtime-to-permanent

  • Check for port conflicts: sudo netstat -tulnp | grep :80
  • Verify SELinux context if applicable
  • Ensure proper user permissions for the target port

When you need to redirect incoming traffic from port 80 to another port on the same Linux machine, traditional NAT solutions might not always be available. This becomes particularly relevant when working with:

  • Development environments where multiple services need port 80 access
  • Legacy applications that can't be reconfigured to use alternative ports
  • Containerized environments with port conflicts

Here are three reliable methods to achieve port redirection on the same host:

1. Using iptables (Most Common Approach)

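# First, allow the traffic in the filter table. nat PREROUTING runs before
# filter INPUT, so redirected packets reach INPUT with destination port 8080
sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT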

# Then redirect to your target port (e.g., 8080)
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

# For local connections add this rule too
sudo iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080

2. Leveraging socat (Simple Alternative)

When iptables isn't available or suitable, socat provides a straightforward solution:

sudo apt-get install socat  # Debian/Ubuntu
sudo yum install socat      # RHEL/CentOS

# Basic port forwarding (binding port 80 requires root or CAP_NET_BIND_SERVICE)
sudo socat TCP-LISTEN:80,fork TCP:localhost:8080

3. Using nginx as Reverse Proxy

For more complex scenarios, nginx offers robust redirection:

server {
    listen 80;
    server_name localhost;
    
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

For iptables rules to survive reboots:

# Save current rules (the redirection must run as root too, so wrap it in sh -c)
sudo sh -c 'iptables-save > /etc/iptables.rules'

# Restore at boot (add to /etc/rc.local)
iptables-restore < /etc/iptables.rules

Check if your redirection works:

# Check listening ports
sudo netstat -tulnp | grep ':80'

# Test with curl
curl -I http://localhost
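
An added example, not part of the original article: an iptables REDIRECT does not open a listening socket on port 80, so the netstat check cannot confirm it. This function reads `iptables-save -t nat` output and reports whether the 80 to 8080 redirect covers remote traffic (PREROUTING), local connections (OUTPUT), or both. The helper name `redirect_coverage` and the sample rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which traffic paths a nat REDIRECT rule pair covers.
# Usage on a live host: sudo iptables-save -t nat | redirect_coverage 80 8080

# redirect_coverage FROM TO  (hypothetical helper name; rules are read on stdin)
# Prints one of: remote+local, remote-only, local-only, none
redirect_coverage() {
    awk -v from="$1" -v to="$2" '
        # Skip table headers, chain policies and rules that are not REDIRECTs.
        $1 != "-A" || $0 !~ /-j REDIRECT/ { next }
        {
            dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                # iptables-save prints --to-ports; accept --to-port as typed too
                if ($i == "--to-ports" || $i == "--to-port") target = $(i + 1)
            }
            if (dport != from || target != to) next
            if ($2 == "PREROUTING") remote = 1   # packets arriving from other hosts
            if ($2 == "OUTPUT")     loc = 1      # connections opened on this host
        }
        END {
            if (remote && loc) print "remote+local"
            else if (remote)   print "remote-only"
            else if (loc)      print "local-only"
            else               print "none"
        }
    '
}

# Constructed sample: nat table after adding only the PREROUTING rule.
SAMPLE_REMOTE_ONLY='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

# Constructed sample: nat table after adding the OUTPUT rule for loopback as well.
SAMPLE_BOTH='*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

printf 'PREROUTING only: %s\n' "$(printf '%s\n' "$SAMPLE_REMOTE_ONLY" | redirect_coverage 80 8080)"
printf 'both rules:      %s\n' "$(printf '%s\n' "$SAMPLE_BOTH" | redirect_coverage 80 8080)"
```

A result of remote-only means `curl -I http://localhost` from the host itself will not be redirected, because locally generated packets never traverse PREROUTING.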

Common issues to check:

  • Firewall blocking the original or target port
  • SELinux/AppArmor restrictions
  • Services already bound to port 80