## The Problem

Standard practices say no non-root process gets to talk to the Internet on a port less than 1024.  How, then, could I get Node talking on port 80 on EC2?  (I wanted it to go as fast as possible and use the smallest possible share of my teeny tiny little micro-instance's resources, so proxying through nginx or Apache seemed suboptimal.)  


## One possibly-right way:

Add a port forwarding rule via `iptables`. 

First, I listed the rules currently running on the NAT (Network Address Translation) table:

    [ec2-user@ip-XX-XXX-XX-X ~]$ sudo iptables -t nat -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source    destination         

    Chain FORWARD (policy ACCEPT)
    target     prot opt source    destination         

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source    destination

I saw nothing, so I felt free to add a rule forwarding packets sent to external port 80 to internal port 8000:

`[ec2-user@ip-XX-XXX-XX-X ~]$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j     REDIRECT --to-ports 8000`

When I listed again, I saw a new PREROUTING chain:

    [ec2-user@ip-XX-XXX-XX-X ~]$ sudo iptables -t nat -L

    Chain PREROUTING (policy ACCEPT)
    target     prot opt source     destination         
    REDIRECT   tcp  --  anywhere   anywhere     tcp dpt:http redir ports 8000 
   
I checked my Node script, which was running on port 8000, and (yes!) it was responding on port 80. 

## Fumbling

During my early attempts I screwed up a bunch of times. I removed busted rules by specifying the right table, the right chain, and the right line number, like so:

    [ec2-user@ip-XX-XXX-XX-X ~]$ sudo iptables -t nat -D PREROUTING 1

This removed the first line from the `PREROUTING` chain in my nat table.