Here's a quick tutorial on how to make unprivileged programs listen on privileged ports. The trick is to have the unprivileged program listen on an unprivileged port and redirect the privileged port to the unprivileged one through iptables.
Here's a concrete example. Let's say you want to run a web server (on port 80) but don't want to run it as root, because running it as root has security implications. What you do instead is run your web server on port 8080 (or any other unprivileged port) and redirect port 80 to 8080 with iptables.
You'll need at least 2 iptables rules to set it up. The first rule will redirect all incoming traffic on all public interfaces from port 80 to port 8080:
iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8080
The second rule will redirect all localhost traffic from port 80 to port 8080:
iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080
You might also need a third rule that will redirect all localhost traffic directed to the public IP (or hostname) of the service:
iptables -t nat -I OUTPUT -p tcp -d hostname.com --dport 80 -j REDIRECT --to-ports 8080
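The three rules above can be wrapped in a script that is safe to re-run. This is an added example, not code from the original post: the function names and the APPLY variable are made up for illustration, and the optional third argument is assumed to be an IP address, since iptables resolves a hostname only once, when the rule is inserted.

```shell
#!/bin/sh
# Added example, not from the original post: idempotent form of the redirect rules.
# Dry-run by default (prints the commands). Set APPLY=1 and run as root to install.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one rule per line as "<-A|-I> <chain> <rule spec>".
# $1 = privileged port, $2 = unprivileged port, $3 = optional public IP.
redirect_rules() {
    valid_port "$1" && valid_port "$2" || return 2
    # The target must be a port a non-root process can bind (1024+ by default).
    [ "$2" -ge 1024 ] || return 2
    tail="-p tcp --dport $1 -j REDIRECT --to-ports $2"
    printf '%s\n' "-A PREROUTING $tail"            # traffic arriving from the network
    printf '%s\n' "-I OUTPUT -d 127.0.0.1 $tail"   # local traffic to localhost
    # Local traffic addressed to the service's public IP (the optional third rule).
    [ -z "${3:-}" ] || printf '%s\n' "-I OUTPUT -d $3 $tail"
}

apply_redirect() {
    rules=$(redirect_rules "$@") || { echo "invalid port arguments" >&2; return 2; }
    printf '%s\n' "$rules" | while read -r op chain spec; do
        if [ "${APPLY:-0}" = 1 ]; then
            # -C checks for an identical rule, so re-running does not stack duplicates.
            # $spec is left unquoted on purpose so it splits into separate arguments.
            iptables -t nat -C "$chain" $spec 2>/dev/null ||
                iptables -t nat "$op" "$chain" $spec
        else
            printf 'iptables -t nat %s %s %s\n' "$op" "$chain" "$spec"
        fi
    done
}

# Defaults mirror the tutorial (80 -> 8080); pass e.g. "80 8080 203.0.113.10"
# (a constructed documentation address) to add the third rule.
apply_redirect "${1:-80}" "${2:-8080}" "${3:-}"
```

After applying, iptables -t nat -S lists the installed rules, so you can confirm that each one appears exactly once.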
If you're unfamiliar with iptables, see the Frozentux iptables tutorial. It's the best iptables tutorial out there.