Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 02 Feb 2001 22:37:19 +0000
From:      Peter Coates <peter@newnet.co.uk>
To:        cjclark@alum.mit.edu
Cc:        Christoph Sold <so@server.i-clue.de>, ipfw@FreeBSD.ORG
Subject:   Re: Unprivileged Access to Ports <1024 (was Re:  freebsd-ipfw@FreeBSD.org)
Message-ID:  <3A7B369F.2E9922F8@newnet.co.uk>
References:  <3A79D919.53061763@i-clue.de> <20010202142940.V91447@rfx-216-196-73-168.users.reflex>

next in thread | previous in thread | raw e-mail | index | archive | help
"Crist J. Clark" wrote:
> 
> On Thu, Feb 01, 2001 at 10:46:01PM +0100, Christoph Sold wrote:
> > Hi folks,
> >
> > for the first time, I need to do some redirect:
> >
> > On a box with a single interface I want to run an untrusted application
> > on port 23. I know, I can run it suid root, but i did not want to for
> > obvious reasons.
> >
> > Q: How to redirect from interface ed0, port 80, to the very same
> > machine, untrusted port, e.g. 1234?
> 
> I coulda sworn there was a sysctl knob to turn off the rather outdated
> behavor that restricts opening ports <1024 to root. However, I cannot
> seem to find such a thing. Am I imagining things?
> --
> Crist J. Clark                           cjclark@alum.mit.edu

There is: 

net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.first: 1024

They sounds along the right lines. I'm not sure what they do mind ;-)

Peter


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A7B369F.2E9922F8>