Date: Fri, 2 Feb 2001 21:33:07 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Peter Coates <peter@newnet.co.uk>
Cc: Christoph Sold <so@server.i-clue.de>, ipfw@FreeBSD.ORG
Subject: Re: Unprivileged Access to Ports <1024 (was Re: freebsd-ipfw@FreeBSD.org)
Message-ID: <20010202213307.C91447@rfx-216-196-73-168.users.reflex>
In-Reply-To: <3A7B369F.2E9922F8@newnet.co.uk>; from peter@newnet.co.uk on Fri, Feb 02, 2001 at 10:37:19PM +0000
References: <3A79D919.53061763@i-clue.de> <20010202142940.V91447@rfx-216-196-73-168.users.reflex> <3A7B369F.2E9922F8@newnet.co.uk>

On Fri, Feb 02, 2001 at 10:37:19PM +0000, Peter Coates wrote:
> "Crist J. Clark" wrote:
> >
> > On Thu, Feb 01, 2001 at 10:46:01PM +0100, Christoph Sold wrote:
> > > Hi folks,
> > >
> > > for the first time, I need to do some redirect:
> > >
> > > On a box with a single interface I want to run an untrusted application
> > > on port 23. I know, I can run it suid root, but I did not want to for
> > > obvious reasons.
> > >
> > > Q: How to redirect from interface ed0, port 80, to the very same
> > > machine, untrusted port, e.g. 1234?
> >
> > I coulda sworn there was a sysctl knob to turn off the rather outdated
> > behavior that restricts opening ports <1024 to root. However, I cannot
> > seem to find such a thing. Am I imagining things?
> > --
> > Crist J. Clark cjclark@alum.mit.edu
>
> There is:
>
> net.inet.ip.portrange.lowfirst: 1023
> net.inet.ip.portrange.first: 1024
>
> They sound along the right lines. I'm not sure what they do, mind ;-)

They tell the OS what ranges of ports to choose from for ephemeral
ports. It does not change any permissions.
--
Crist J. Clark cjclark@alum.mit.edu