Knowledge Base

Browse our knowledge base for free solutions to common problems

Port Redirection / Local Forwarding Using iptables Linux

Created On: 14 September 2022
Written by: Ben

Scenario

A customer wanted to run Emby Media Server on ports:

  • http: 80
  • https: 443

When these ports were configured inside of the config (/var/lib/emby/config/system.xml) the service would not startup.

This was because Emby Media Server runs as its own user (emby) and short ports like 80 and 443 are reserved for users with escalated privileges.

Solution

Instead of running the Emby Media Server as another user which could be risky the following iptables rules were applied:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8096
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8920

What these rules do is create a nat which forwards all http traffic to port 8096 and all https traffic to port 8920.

This now means the friendly URL can be loaded in the browser rather than URL's which uncommon ports.

When the server restarts these rules will be lost. To prevent this we save the rules to a file using the following:

iptables-save > /etc/iptables.conf

Then we added the following to /etc/rc.local to restore these rules on reboot:

iptables-restore < /etc/iptables.conf
ICTU LTD is a company registered England and Wales (Company No. 09344913) 15 Queen Square, Leeds, West Yorkshire, England, LS2 8AJ
Copyright © 2024 ICTU LTD, All Rights Reserved.
exit