Re: allow process or user to listen on priviledged ports?
From: Eric
Date: Wed Dec 24 2003 - 17:04:44 EST
On Wednesday 24 December 2003 03:34 pm, Adam Sampson wrote:
> Sven Köhler <skoehler@xxxxxx> writes:
> > So is there any machanism to bind that permission (to listen on a
> > priviledged tcp-port) to a specific user or a specific process?
>
> Even if you can't find a way to do this, you can cheat: use an
> iptables DNAT rule to translate connections to the desired port into
> connections to a non-privileged port upon which your daemon is
> actually listening. Something like:
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 1.2.3.4:8080
Not to be too picky, but I think the redirect target is better suited for
this. I haven't seen the source, but I assume it will be more efficient
because it knows the destination is the local machine.
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 22
-------------------------
Eric Bambach
Eric at cisu dot net
-------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/