
Vagrant won't forward ONLY port 80

I have port forwarding set up for vagrant

Vagrant.configure("2") do |config|
  config.vm.box = "centOS"
  config.vm.network :forwarded_port, guest: 80, host: 80
  config.vm.network :forwarded_port, guest: 8443, host: 8443
  config.vm.network :forwarded_port, guest: 8443, host: 9443
  config.vm.network :forwarded_port, guest: 8445, host: 8445
  config.vm.network :forwarded_port, guest: 8000, host: 8000 
  config.vm.hostname = "www.vagrant.com"
end

Port 80 is open from my vagrant virtual box

[vagrant@www ~]$ nmap -sT 0.0.0.0 -p 80 

Starting Nmap 5.51 ( http://nmap.org ) at 2013-07-02 22:25 UTC
Nmap scan report for 0.0.0.0
Host is up (0.000063s latency).
PORT   STATE SERVICE
80/tcp open  http

But it is closed from my host machine

Ben-Fischer:~ bfischer$ nmap -sT 0.0.0.0 -p 80 

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-02 17:38 CDT
Nmap scan report for 0.0.0.0
Host is up (0.000086s latency).
PORT   STATE  SERVICE
80/tcp closed http

Nothing else is listening on port 80 on my host machine

Ben-Fischer:~ bfischer$ sudo lsof -n -i4TCP:80 | grep LISTEN
[no output]

Iptables is off and so is my Mac firewall

[vagrant@www ~]$ sudo service iptables stop

And all of the other forwarded ports work fine (8443,9443,8445,8000)

The box is an image from vagrant, centOS 6.3 with chef.

So... why can't I connect to port 80 from my local machine?

Ben Fischer asked Sep 11 '25 13:09


2 Answers

I don't think you can forward to host ports < 1024, unless VirtualBox is run as root on the host.

The VirtualBox Manual says this about NAT mode limitation:

Forwarding host ports < 1024 impossible:

On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible to bind to ports below 1024 from applications that are not run by root. As a result, if you try to configure such a port forwarding, the VM will refuse to start.

These limitations normally don't affect standard network use. But the presence of NAT has subtle effects that may interfere with protocols which normally work. One example is NFS, where the server is often configured to refuse connections from non-privileged ports (i.e. ports below 1024).

Terry Wang answered Sep 14 '25 06:09


Terry's answer correctly diagnosed the problem. Here's my solution:

Instead of running VirtualBox as root, port forward twice. Set up vagrant to forward host: 8080 to guest: 80. Combine that with some port forwarding rules on the host machine (using the ipfw utility) so that 80 goes to 8080 on the host machine. Then 8080 will get sent back to 80 on the guest machine.

Seems convoluted, but this article describes the setup more clearly: http://www.dmuth.org/node/1404/web-development-port-80-and-443-vagrant

Ben Fischer answered Sep 14 '25 04:09
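
Added example (not part of either answer, and not Vagrant's own code): a small Ruby check, in Ruby because a Vagrantfile is Ruby, that finds forwarded_port entries whose host port is below 1024, probes whether the current user can actually bind that port, and proposes an unprivileged host port so VirtualBox does not need to run as root. The helper names and the +8000 remapping convention are assumptions; the sample text is constructed from the forwarding lines of the question's Vagrantfile.

```ruby
require "socket"

# Host ports below this need root to bind on Unix-based hosts (see the manual quote above).
PRIVILEGED_LIMIT = 1024
# Matches `config.vm.network :forwarded_port, ...` and the "forwarded_port" string form.
FORWARD_RE = /^\s*[\w.]+\.vm\.network\s+[:"']forwarded_port["']?\s*,(.*)$/

# Every forwarded_port entry in Vagrantfile text as {guest:, host:, line:}.
def forwarded_ports(text)
  text.each_line.with_index(1).filter_map do |line, no|
    opts = line[FORWARD_RE, 1] or next
    guest = opts[/\bguest:\s*(\d+)/, 1]
    host = opts[/\bhost:\s*(\d+)/, 1]
    { guest: guest.to_i, host: host.to_i, line: no } if guest && host
  end
end

# Entries with a privileged host port, each paired with an unused unprivileged suggestion.
# Assumption: host + 8000 (80 -> 8080) is only a naming convention, not a Vagrant rule.
def privileged_forwards(text)
  ports = forwarded_ports(text)
  taken = ports.map { |p| p[:host] }
  ports.select { |p| p[:host] < PRIVILEGED_LIMIT }.map do |p|
    candidate = p[:host] + 8000
    candidate += 1 while taken.include?(candidate)
    taken << candidate
    p.merge(suggested_host: candidate)
  end
end

# True if the current user can listen on `port`; false if the OS refuses (EACCES, in use, ...).
def can_bind?(port, addr = "127.0.0.1")
  TCPServer.new(addr, port).close
  true
rescue SystemCallError
  false
end

# Constructed sample: the forwarding lines of the Vagrantfile from the question.
VAGRANTFILE = <<~'VF'
  Vagrant.configure("2") do |config|
    config.vm.network :forwarded_port, guest: 80, host: 80
    config.vm.network :forwarded_port, guest: 8443, host: 8443
    config.vm.network :forwarded_port, guest: 8443, host: 9443
    config.vm.network :forwarded_port, guest: 8445, host: 8445
    config.vm.network :forwarded_port, guest: 8000, host: 8000
  end
VF
privileged_forwards(VAGRANTFILE).each do |f|
  puts "line #{f[:line]}: host #{f[:host]} (bindable here: #{can_bind?(f[:host])}) -> use host: #{f[:suggested_host]}"
end
```

Run it as the same user that starts the VM; a `false` from the probe for a flagged port means that forward cannot be set up without elevated privileges, and the suggested port is the one to pair with a host-side redirect as described in the second answer.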