Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to the java binary, will make any Java program run with this setting, which is undesirable, if not a security risk.
The long answer: you can redirect connections on port 80 to some other port you can open as normal user.
Run as root:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):
# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).
EDIT: as per comment question - to delete the above rule:
# iptables -t nat --line-numbers -n -L
This will output something like:
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source       destination
1    REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:80 redir ports 8080
The rule you are interested in is nr. 2, so to delete it:
# iptables -t nat -D PREROUTING 2
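A check for the multi-user caveat in the NOTE above, as an added example that is not part of the original answer: it parses /proc/net/tcp-format text and reports which UID holds the listener on the redirect target port. The sample table is constructed, and the expected service UID passed to unexpected_owners is an assumption.

```python
"""Check which UID owns the listener on the REDIRECT target port (Linux)."""
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN state code used in /proc/net/tcp

# Constructed sample in /proc/net/tcp format: a root-owned listener on 22,
# a listener on 8080 (0x1F90) owned by uid 1001, and one established socket.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1001        0 20003 1 0000000000000000 20 4 30 10 -1
"""

def listeners(proc_net_tcp, port):
    """Return [(address, uid)] for sockets in LISTEN state on `port`."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue                                 # not a listening socket
        addr_hex, port_hex = fields[1].split(":")
        if int(port_hex, 16) != port:
            continue
        if len(addr_hex) == 8:
            # IPv4 is printed as a native-endian word; this decoding assumes
            # a little-endian host such as x86-64.
            addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        else:
            addr = addr_hex                          # /proc/net/tcp6: keep raw hex
        found.append((addr, int(fields[7])))         # field 7 is the owning UID
    return found

def unexpected_owners(proc_net_tcp, port, expected_uid):
    """Listeners on `port` whose owning UID is not the service account."""
    return [(a, uid) for a, uid in listeners(proc_net_tcp, port)
            if uid != expected_uid]

if __name__ == "__main__":
    # On a live host, pass the contents of /proc/net/tcp and /proc/net/tcp6
    # (a JVM often listens on the IPv6 wildcard) instead of SAMPLE.
    for addr, uid in listeners(SAMPLE, 8080):
        print(f"{addr}:8080 is held by uid {uid}")
    print("unexpected:", unexpected_owners(SAMPLE, 8080, expected_uid=1002))
```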
"Connection timed out" sounds like a firewall issue. Try breaking down the connection into the individual steps performed at the network level:
- ping -n $HOSTNAME
- telnet $IP_ADDRESS 22
The ping will test the resolution of the name into an IP and that you can ping that host. If you can ping it, you know you have network connectivity to it. However, not being able to ping it does not mean that you don't have connectivity to it, as pings could be filtered out.
Use the IP address from the ping in the telnet and telnet to the SSH port. If that takes many seconds and reports "Connection timed out", it really does seem like there's a firewall in the way.
As you say, if tcpwrappers were the problem, it would likely show up as a "connection closed unexpectedly" result. If SSH for some reason isn't running, you would get a "connection refused" error.
If you have root access on the server, check the host firewall with "iptables-save | less" (or similar if it's not Linux). If it's not there, you'll probably need to have whoever runs the networking check firewalls that may exist there.
If iptables-save returns nothing, it may mean that you aren't running it as root. However, it may also mean that there are no rules. If, however, it returns 20 or more lines of output, there is probably a firewall in place.
You can add a temporary firewall allow rule, so you can test to see if the firewall is an issue, by running:
iptables -I INPUT -m tcp -p tcp --dport 22 -j ACCEPT
That would probably allow an SSH connection unless there is some deeper problem with the firewall, like a bad NAT rule, which is more difficult to diagnose. You could try disabling the firewall with a command like (Fedora/CentOS/RHEL) "sudo service iptables stop" or (Debian/Ubuntu) "sudo ufw disable" (though on Debian/Ubuntu you may be running something other than ufw; there's no "standard" that I know of).
That said, one thing you might want to consider is setting up a VPN. That way it wouldn't matter what your remote IP is, you would use certificates or keys to authenticate the VPN connection, and then get a static IP address on the VPN that could be allowed in the firewall and TCP wrappers.
Best Answer
Is SSH protocol/port being allowed in the server's firewall config?
Is the SSH daemon running on the server?
Do you have the correct login details (password/keys)?