Date: Fri, 20 Oct 2006 17:38:59 +0100
From: "mal content" <artifact.one@googlemail.com>
To: "Nikolay Pavlov" <quetzal@zone3000.net>, "Fabian Keil" <freebsd-listen@fabiankeil.de>, freebsd-security@freebsd.org
Subject: Re: Binding Squid to reserved port (was: mac_portacl)
Message-ID: <8e96a0b90610200938j21dab6d6h42b64e2193504eee@mail.gmail.com>
In-Reply-To: <20061020162343.GA27287@zone3000.net>
References: <20061020140456.GA25717@zone3000.net> <20061020165706.367b0302@localhost> <20061020162343.GA27287@zone3000.net>

On 20/10/06, Nikolay Pavlov <quetzal@zone3000.net> wrote:
> On Friday, 20 October 2006 at 16:57:06 +0200, Fabian Keil wrote:
> > Nikolay Pavlov <quetzal@zone3000.net> wrote:
> >
> > > I am trying to implement reverse proxy using squid with mac_portacl,
> > > but I have problem while binding squid to port 80.
> > > Am I missed something?
> > >
> > > Here is my mac_portacl variables:
> > >
> > > # sysctl security.mac.portacl.
> > > security.mac.portacl.enabled: 1
> > > security.mac.portacl.suser_exempt: 1
> > > security.mac.portacl.autoport_exempt: 1
> > > security.mac.portacl.port_high: 1023
> > > security.mac.portacl.rules: uid:100:tcp:80
> > >

The mac_portacl page in the handbook says that you need to disable
normal UNIX bind restrictions on ports.

Have you tried this:

# sysctl net.inet.ip.portrange.reservedlow=0
# sysctl net.inet.ip.portrange.reservedhigh=0

MC
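
The check suggested in the reply above, as an added example that is not part of the original message: a small sh function that reads `sysctl` output and reports every mac_portacl rule whose port still falls inside the ordinary reserved-port range. The function names and the sample text are hypothetical; the two `portrange` values in the sample are assumed for illustration.

```sh
#!/bin/sh
# Added example (not from the original thread): flag mac_portacl rules
# whose port is still covered by the normal reserved-port restriction.

# Constructed sample. The portacl values come from the quoted message;
# the two portrange values are assumed for illustration.
SAMPLE='security.mac.portacl.enabled: 1
security.mac.portacl.port_high: 1023
security.mac.portacl.rules: uid:100:tcp:80
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023'

# get_mib NAME: print the value of the "NAME: value" line read from stdin.
get_mib() {
    awk -v key="$1:" '$1 == key { print $2 }'
}

# check_portacl TEXT: print one verdict per rule.
# Returns 0 if no rule is shadowed, 1 if any is, 2 if values are missing.
check_portacl() {
    conf=$1
    low=$(printf '%s\n' "$conf" | get_mib net.inet.ip.portrange.reservedlow)
    high=$(printf '%s\n' "$conf" | get_mib net.inet.ip.portrange.reservedhigh)
    rules=$(printf '%s\n' "$conf" | get_mib security.mac.portacl.rules)
    if [ -z "$low" ] || [ -z "$high" ] || [ -z "$rules" ]; then
        echo "ERROR missing sysctl values"
        return 2
    fi
    status=0
    old_ifs=$IFS
    IFS=,                       # rules are a comma-separated list
    for rule in $rules; do
        port=${rule##*:}        # last field of idtype:id:protocol:port
        if [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]; then
            echo "BLOCKED $rule: port $port inside reserved range $low-$high"
            status=1
        else
            echo "OK $rule"
        fi
    done
    IFS=$old_ifs
    return $status
}

check_portacl "$SAMPLE" || true
```

On a live FreeBSD host the same function can be fed real values with `check_portacl "$(sysctl security.mac.portacl net.inet.ip.portrange)"`.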