<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>On Sep 18, 2009, at 1:39 PM, Andrey Moskvitin wrote:</div><blockquote type="cite">> So I was wondering if anybody else got this<br>> configuration to work on port 80 and could share their experience with<br>> me please.<br><br><a href="http://lisper.ru/apps/format/15">http://lisper.ru/apps/format/15</a> - this script starts sbcl-daemon (pure Lisp, without GNU Screen, detachtty, etc.), which runs Hunchentoot on port 80 after the rejection of root privileges. Requires libcap2. Tested on Gentoo and Debian. <br></blockquote><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Another alternative is to use iptables to route requests for port 80 to another port (8080, in my configuration). Here's my /etc/sysconfig/iptables:</div><div><br></div><div><div># Generated by iptables-save v1.3.5</div><div>*nat</div><div>:PREROUTING ACCEPT [0:0]</div><div>:POSTROUTING ACCEPT [0:0]</div><div>:OUTPUT ACCEPT [0:0]</div><div>-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to :8080</div><div>COMMIT</div><div>*filter</div><div>:INPUT ACCEPT [0:0]</div><div>:FORWARD ACCEPT [0:0]</div><div>:OUTPUT ACCEPT [190:23308]</div><div>:RH-Firewall-1-INPUT - [0:0]</div><div>-A INPUT -j RH-Firewall-1-INPUT </div><div>-A FORWARD -j RH-Firewall-1-INPUT </div><div>-A RH-Firewall-1-INPUT -i lo -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p esp -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p ah -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT </div>
<div>-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4005 -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4242 -j ACCEPT </div><div>-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited </div><div>COMMIT</div><div><br></div><div>Regards,</div><div><br></div><div>Patrick</div><div><br></div></div></div></body></html>