On Sep 18, 2009, at 1:39 PM, Andrey Moskvitin wrote:

> So I was wondering if anybody else got this
> configuration to work on port 80 and could share their experience with
> me please.

http://lisper.ru/apps/format/15 - this script starts sbcl-daemon (pure lisp, without GNU Screen, detachtty and etc.), which runs hunchentoot on port 80 after the rejection of root privileges. Required libcap2. Tested on Gentoo and Debian.

Another alternative is to use iptables to route requests for port 80 to another port (8080, in my configuration). Here's my /etc/sysconfig/iptables:

# Generated by iptables-save v1.3.5

*nat

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to :8080

COMMIT

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [190:23308]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUT

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p esp -j ACCEPT

-A RH-Firewall-1-INPUT -p ah -j ACCEPT

-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4005 -j ACCEPT

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4242 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

Regards,

Patrick