diff --git a/ansible/host_vars/metal-01.he-eu-hel1.nimbus.mainnet.yml b/ansible/host_vars/metal-01.he-eu-hel1.nimbus.mainnet.yml
new file mode 100644
index 0000000..c728ec2
--- /dev/null
+++ b/ansible/host_vars/metal-01.he-eu-hel1.nimbus.mainnet.yml
@@ -0,0 +1,7 @@
+---
+# Communityu test REST API endpoint.
+beacon_node_rest_address: '0.0.0.0'
+
+# WARNING: This will change if number of nodes changes.
+redirect_ports:
+ - { src: 80, dst: 9304, comment: 'Test Beacon API (80->9304/tcp)' }
diff --git a/ansible/host_vars/metal-02.he-eu-hel1.nimbus.mainnet.yml b/ansible/host_vars/metal-02.he-eu-hel1.nimbus.mainnet.yml
new file mode 100644
index 0000000..f32d2c7
--- /dev/null
+++ b/ansible/host_vars/metal-02.he-eu-hel1.nimbus.mainnet.yml
@@ -0,0 +1,7 @@
+---
+# Communityu test REST API endpoint.
+beacon_node_rest_address: '0.0.0.0'
+
+# WARNING: This will change if number of nodes changes.
+redirect_ports:
+ - { src: 80, dst: 9302, comment: 'Test Beacon API (80->9302/tcp)' }
diff --git a/ansible/mainnet.yml b/ansible/mainnet.yml
index 27c3df8..cfa64bd 100644
--- a/ansible/mainnet.yml
+++ b/ansible/mainnet.yml
@@ -23,6 +23,7 @@
 become: true
 hosts: nimbus-mainnet-metal
 roles:
+ - { role: redirect-ports, tags: [ redirect-ports ] }
 - { role: get-geth-web3-urls, tags: [ get-geth-web3-urls ] }
 tasks:
 - include_role: name=infra-role-beacon-node-linux
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index f477fbc..7aacbb7 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -16,7 +16,7 @@
 - name: infra-role-bootstrap-linux
 src: git@github.com:status-im/infra-role-bootstrap-linux.git
- version: 1c3598d71f948763d327e6bb81a5f9a3cdf5c063
+ version: 2468bfb373dd071a7ab7a068cdcc59472fd76a05
 scm: git
 - name: infra-role-bootstrap-windows
diff --git a/ansible/roles/redirect-ports/README.md b/ansible/roles/redirect-ports/README.md
new file mode 100644
index 0000000..f79a860
--- /dev/null
+++ b/ansible/roles/redirect-ports/README.md
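Review bot: `beacon_node_rest_address: '0.0.0.0'` binds the beacon node REST API to every interface, and the `redirect_ports` entry makes the new role accept destination port 9304 from `0.0.0.0/0` in the `SERVICES` chain, so the API is reachable directly on 9304 as well as through the port-80 redirect, and nothing in this change restricts who may reach it. If that exposure is intended for a test endpoint, the host comment should say so, e.g. `# Public test endpoint: reachable on 80 (redirect) and directly on 9304; no source restriction.` The same comment misspells "Community" as `Communityu`. The metal-02 host_vars hunk has both points with port 9302.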
@@ -0,0 +1,20 @@
+# Description
+
+This role configures port redirects using [iptables](https://linux.die.net/man/8/iptables).
+
+# Configuration
+
+You can redirect multiple ports:
+```yaml
+redirect_ports:
+ - { src: 80, dst: 8080, comment: 'XYZ Service HTTP' }
+ - { src: 443, dst: 8443, comment: 'XYZ Service HTTPS' }
+```
+All configured ports are opened in the `SERVICES` chain and redirected using `PREROUTING` chain in the `nat` table:
+```
+ > sudo iptables -L PREROUTING -t nat
+Chain PREROUTING (policy ACCEPT)
+target prot opt source destination
+REDIRECT tcp -- anywhere anywhere tcp dpt:http /* XYZ Service HTTP */ redir ports 8080
+REDIRECT tcp -- anywhere anywhere tcp dpt:https /* XYZ Service HTTPS */ redir ports 8443
+```
diff --git a/ansible/roles/redirect-ports/defaults/main.yml b/ansible/roles/redirect-ports/defaults/main.yml
new file mode 100644
index 0000000..d468f22
--- /dev/null
+++ b/ansible/roles/redirect-ports/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+redirect_ports: []
+# - { src: 80, dst: 8080 }
diff --git a/ansible/roles/redirect-ports/handlers/main.yml b/ansible/roles/redirect-ports/handlers/main.yml
new file mode 100644
index 0000000..bd6da46
--- /dev/null
+++ b/ansible/roles/redirect-ports/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Save iptables rules
+ shell: iptables-save > /etc/iptables/rules.v4
diff --git a/ansible/roles/redirect-ports/tasks/main.yml b/ansible/roles/redirect-ports/tasks/main.yml
new file mode 100644
index 0000000..570d2c2
--- /dev/null
+++ b/ansible/roles/redirect-ports/tasks/main.yml
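Review bot: The handler `shell: iptables-save > /etc/iptables/rules.v4` assumes `/etc/iptables/` already exists, and nothing in this role creates the directory or installs the package that ships it, so on a host without it the handler fails after the rules were already inserted into the live tables (presumably the bootstrap role provides it, but the role does not state that dependency). A `file:` task with `state: directory` for `/etc/iptables` ahead of the rules, or a one-line prerequisite note in the README, would close that gap. The saved file also covers IPv4 only, which matches the role's `ansible_default_ipv4`-based rules but is worth stating on the handler, e.g. `# IPv4 only: the role installs no ip6tables rules.`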
@@ -0,0 +1,28 @@
+---
+- name: 'Enable redirected {{ item.dst }} port'
+ iptables:
+ comment: '{{ item.comment | default("Open {{ item.dst }}") }}'
+ chain: 'SERVICES'
+ jump: 'ACCEPT'
+ source: '0.0.0.0/0'
+ protocol: '{{ item.protocol | default("tcp") }}'
+ destination_port: '{{ item.dst | string | mandatory }}'
+ with_items: '{{ redirect_ports }}'
+ notify:
+ - Save iptables rules
+
+- name: 'Redirect {{ item.src }} to {{ item.dst }}'
+ iptables:
+ comment: '{{ item.comment | default("Redirect {{ item.src }} to {{ item.dst }}") }}'
+ table: 'nat'
+ chain: 'PREROUTING'
+ jump: 'REDIRECT'
+ action: insert
+ protocol: '{{ item.protocol | default("tcp") }}'
+ match: '{{ item.protocol | default("tcp") }}'
+ destination_port: '{{ item.src | string | mandatory }}'
+ to_ports: '{{ item.dst | string | mandatory }}'
+ in_interface: '{{ ansible_default_ipv4.interface }}'
+ with_items: '{{ redirect_ports }}'
+ notify:
+ - Save iptables rules
diff --git a/mainnet.tf b/mainnet.tf
index 26174a2..4e50449 100644
--- a/mainnet.tf
+++ b/mainnet.tf
@@ -21,6 +21,23 @@ module "nimbus_nodes_mainnet_hetzner" {
 ]
 }
+/* Community test REST API endpoints. */
+resource "cloudflare_record" "unstable_mainnet_beacon_api" {
+ zone_id = local.zones["nimbus.team"]
+ name = "unstable.mainnet.beacon-api"
+ value = module.nimbus_nodes_mainnet_hetzner.public_ips[0]
+ type = "A"
+ proxied = false
+}
+
+resource "cloudflare_record" "testing_mainnet_beacon_api" {
+ zone_id = local.zones["nimbus.team"]
+ name = "testing.mainnet.beacon-api"
+ value = module.nimbus_nodes_mainnet_hetzner.public_ips[1]
+ type = "A"
+ proxied = false
+}
+
 /* WARNING: These are bootnodes and losing their IPs and private keys would be bad. */
 module "nimbus_nodes_mainnet_stable_small" {
 source = "github.com/status-im/infra-tf-amazon-web-services"
@@ -48,4 +65,3 @@ module "nimbus_nodes_mainnet_stable_small" {
 secgroup_id = module.nimbus_network.secgroup.id
 keypair_name = aws_key_pair.jakubgs.key_name
 }
-
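Review bot: The `SERVICES` ACCEPT rule in the first task opens `item.dst` to `source: '0.0.0.0/0'` unconditionally, so every redirected service is also reachable directly on its backend port and not only through the `PREROUTING` redirect; if only the redirected path is meant to be public, adding `ctstate: ['DNAT']` to that rule limits it to connections that went through the nat redirect. Separately, `default("Open {{ item.dst }}")` and `default("Redirect {{ item.src }} to {{ item.dst }}")` nest moustaches inside a Jinja expression, where they are not expanded, so an entry without `comment` gets the literal text `Open {{ item.dst }}` as its iptables comment; concatenate instead: `comment: '{{ item.comment | default("Open " ~ item.dst) }}'` and `comment: '{{ item.comment | default("Redirect " ~ item.src ~ " to " ~ item.dst) }}'`. The task `name`s also reference `item`, which is presumably not defined when the name is rendered, so they show with the braces unexpanded in play output.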
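Review bot: The two records pin `public_ips[0]` and `public_ips[1]` to hosts whose redirect targets (9304 on metal-01, 9302 on metal-02) live in separately named host_vars files, and nothing ties the index to the host name, so a change in the module's output order would silently point `unstable.mainnet.beacon-api` at the other node's port with no Terraform error. A comment next to the records stating the coupling would help, e.g. `/* Index must match ansible/host_vars/metal-0N.he-eu-hel1.nimbus.mainnet.yml; see the WARNING there. */`. Both records are `proxied = false`, so the test API is reached over plain HTTP on port 80 directly at the node IP with no intermediary; if that is the intended exposure for a test endpoint, saying so in the "Community test REST API endpoints" comment records the decision.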