linux配置端口映射

在使用非root使用者啟動tomcat時，如果tomcat配置為80端口，會報Permission denied錯誤，如：

an 07, 2016 12:19:47 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-80"]
Jan 07, 2016 12:19:47 PM org.apache.coyote.AbstractProtocol init
SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-80"
]
java.net.BindException: Permission denied <null>:80
	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:411)
	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:640
)
	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:434)
	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11Jss
eProtocol.java:119)
	at org.apache.catalina.connector.Connector.initInternal(Connector.java:978)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
	at org.apache.catalina.core.StandardService.initInternal(StandardService.java
:559)           

在網上查詢後，把tomcat改回8080端口，然後配置linux端口映射80到8080端口。

配置方式一、指令行方式。

（1）配置映射

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080           

（2）儲存配置。如果不儲存，重新開機後此映射将失效

service iptables save           

配置方式二、修改/etc/sysconfig/iptables檔案，修改後要執行 service iptables restart重新開機防火牆。配置如：

# Generated by iptables-save v1.4.7 on Thu Jan  7 12:37:28 2016
*nat
:PREROUTING ACCEPT [687:71239]
:POSTROUTING ACCEPT [2:124]
:OUTPUT ACCEPT [2:124]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Thu Jan  7 12:37:28 2016
# Generated by iptables-save v1.4.7 on Thu Jan  7 12:37:28 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [145:11884]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited