
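java.net.SocketException: Permission denied (redirecting port 80 to port 8080)

Tomcat often runs under a non-root account. If you simply change port 8080 to 80, Tomcat fails with java.net.SocketException: Permission denied. The reason is that non-root users cannot bind to ports below 1024.

There are several ways to solve this: 1. add the current user to the sudo rules (not yet verified); 2. start a separate Apache and route through it; 3. redirect with iptables.

The following will proceed according to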

Mar 14, 2017 9:56:15 AM winstone.Logger logInternal
SEVERE: Container startup failed
java.io.IOException: Failed to start Jetty
    at winstone.Launcher.<init>(Launcher.java:154)
    at winstone.Launcher.main(Launcher.java:352)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at Main._main(Main.java:264)
    at Main.main(Main.java:112)
Caused by: java.net.SocketException: Permission denied
    at sun.nio.ch.Net.bind0(Native Method)
    at sun.nio.ch.Net.bind(Net.java:433)
    at sun.nio.ch.Net.bind(Net.java:425)
    at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
    at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
    at org.eclipse.jetty.server.ServerConnector.open(ServerConnector.java:321)
    at org.eclipse.jetty.server.AbstractNetworkConnector.doStart(AbstractNetworkConnector.java:80)
    at org.eclipse.jetty.server.ServerConnector.doStart(ServerConnector.java:236)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.server.Server.doStart(Server.java:366)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at winstone.Launcher.<init>(Launcher.java:152)
    ... 7 more

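Install iptables. Mine is an Alibaba Cloud server; the iptables package was already installed, but nothing showed up in lsmod |grep iptable, so the modules have to be loaded manually.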

rpm -qa|grep iptable

iptables-1.4.7-11.el6.x86_64
iptables-ipv6-1.4.7-11.el6.x86_64

First open the ports Tomcat needs, plus port 80, in iptables, then run service iptables restart and check the result with service iptables status.
Then redirect port 80 to 8080:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
service iptables save

service iptables restart

Enter the IP address in a browser to verify that the web application can be reached directly.

cat /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Mon Aug 22 10:00:58 2016
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
# Completed on Mon Aug 22 10:00:58 2016
# Generated by iptables-save v1.4.7 on Mon Aug 22 10:00:58 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [85:8850]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8005 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Aug 22 10:00:58 2016
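
Added example (not part of the original post): a shell function that reads iptables-save output and classifies each INPUT ACCEPT port against the nat REDIRECT rule, because PREROUTING rewrites the destination port before the filter INPUT chain sees the packet. The function names and the NEEDED/SHADOWED/REVIEW labels are assumptions of this example; the sample input is an excerpt of the rules listed above.

```shell
#!/bin/sh
# Added example: classify INPUT ACCEPT ports against nat REDIRECT rules.
# Reads iptables-save format on stdin. Labels are assumptions of this example.
audit_rules() {
  awk '
    # Return the value that follows option opt on the current rule line.
    function arg(opt,   i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    /^\*/ { table = substr($1, 2) }   # "*nat" or "*filter" opens a table
    $1 == "-A" && table == "nat" && $2 == "PREROUTING" && arg("-j") == "REDIRECT" {
      src[arg("--dport")] = 1; dst[arg("--to-ports")] = 1
      print "REDIRECT " arg("--dport") "->" arg("--to-ports")
    }
    $1 == "-A" && table == "filter" && $2 == "INPUT" && arg("-j") == "ACCEPT" {
      if (arg("--dport") != "") accepted[++n] = arg("--dport")
    }
    END {
      for (k = 1; k <= n; k++) {
        p = accepted[k]
        if (p in dst)      print "NEEDED " p    # port INPUT sees after the rewrite
        else if (p in src) print "SHADOWED " p  # rewritten in PREROUTING, rule not hit
        else               print "REVIEW " p    # open to the network, not in the redirect
      }
    }
  '
}

# Sample input: excerpt of the rules shown on this page.
sample_rules() {
  cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8005 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_rules | audit_rules
```

On a live host, iptables-save | audit_rules (as root) gives the same report. Ports 8005 and 8009 are Tomcat's default shutdown and AJP ports, so the REVIEW lines are the ones to check against what actually needs to be reachable from outside.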

https://help.aliyun.com/knowledge_detail/41315.html
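Cloud server ECS Linux: iptables dependency modules not loaded by default, causing the startup error: modules are not loaded

Symptom

Starting or stopping the firewall produces no prompt or error, but checking the firewall's running status shows an error like the following:

iptables: Firewall modules are not loaded.

Cause

The modules that the iptables service depends on are not loaded, so the service fails to start.

Solution

The iptables service depends on two modules, iptable_filter and ip_tables. Check them with the lsmod |grep iptable command:

lsmod |grep iptable

If the modules are missing, reload them with the commands below, then restart the service to verify: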

modprobe ip_tables

modprobe iptable_filter