A customer wanted to run Emby Media Server on ports:
When these ports were configured inside of the config (/var/lib/emby/config/system.xml) the service would not startup.
This was because Emby Media Server runs as its own user (emby) and short ports like 80 and 443 are reserved for users with escalated privileges.
Instead of running the Emby Media Server as another user which could be risky the following iptables rules were applied:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8096
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8920
What these rules do is create a nat which forwards all http traffic to port 8096 and all https traffic to port 8920.
This now means the friendly URL can be loaded in the browser rather than URL's which uncommon ports.
When the server restarts these rules will be lost. To prevent this we save the rules to a file using the following:
iptables-save > /etc/iptables.conf
Then we added the following to /etc/rc.local to restore these rules on reboot:
iptables-restore < /etc/iptables.conf