Binding Squid to reserved port (was: mac_portacl)

mal content artifact.one at googlemail.com
Fri Oct 20 09:39:07 PDT 2006


On 20/10/06, Nikolay Pavlov <quetzal at zone3000.net> wrote:
> On Friday, 20 October 2006 at 16:57:06 +0200, Fabian Keil wrote:
> > Nikolay Pavlov <quetzal at zone3000.net> wrote:
> >
> > > I am trying to implement a reverse proxy using squid with mac_portacl,
> > > but I have a problem while binding squid to port 80.
> > > Am I missing something?
> > >
> > > Here is my mac_portacl variables:
> > >
> > > # sysctl security.mac.portacl.
> > > security.mac.portacl.enabled: 1
> > > security.mac.portacl.suser_exempt: 1
> > > security.mac.portacl.autoport_exempt: 1
> > > security.mac.portacl.port_high: 1023
> > > security.mac.portacl.rules: uid:100:tcp:80
> > >

The mac_portacl page in the handbook says that you need to disable normal
UNIX bind restrictions on ports. Have you tried this:

# sysctl net.inet.ip.portrange.reservedlow=0
# sysctl net.inet.ip.portrange.reservedhigh=0

MC
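
The two checks discussed in this thread, modeled as an added example that is not part of the original message: the stock reserved-port check and the mac_portacl rule check both have to pass before a non-root uid can bind. The function names and the sample dump are constructed for illustration, and the reserved range in the dump is assumed to be the FreeBSD default because the thread does not show it.

```sh
# Models explicit (nonzero) ports and uid rules only; gid rules are not evaluated.

# get_val NAME DUMP -> value of sysctl NAME from "name: value" text
get_val() {
    printf '%s\n' "$2" | sed -n "s/^$1: *//p" | head -n 1
}

# can_bind UID PROTO PORT DUMP -> allow | deny:reserved-range | deny:portacl
can_bind() {
    uid=$1 proto=$2 port=$3 dump=$4
    low=$(get_val net.inet.ip.portrange.reservedlow "$dump")
    high=$(get_val net.inet.ip.portrange.reservedhigh "$dump")
    # Stock check: non-root may not bind inside [reservedlow, reservedhigh].
    if [ "$uid" -ne 0 ] && [ "$port" -ge "${low:-0}" ] && [ "$port" -le "${high:-1023}" ]; then
        echo deny:reserved-range; return 0
    fi
    # mac_portacl only applies when enabled and the port is <= port_high.
    [ "$(get_val security.mac.portacl.enabled "$dump")" = 1 ] || { echo allow; return 0; }
    ph=$(get_val security.mac.portacl.port_high "$dump")
    [ "$port" -le "${ph:-1023}" ] || { echo allow; return 0; }
    # root is exempt when suser_exempt=1.
    if [ "$uid" -eq 0 ] && [ "$(get_val security.mac.portacl.suser_exempt "$dump")" = 1 ]; then
        echo allow; return 0
    fi
    # Rules are a comma-separated list of idtype:id:protocol:port.
    rules=$(get_val security.mac.portacl.rules "$dump")
    old_ifs=$IFS; IFS=,
    for r in $rules; do
        if [ "$r" = "uid:$uid:$proto:$port" ]; then IFS=$old_ifs; echo allow; return 0; fi
    done
    IFS=$old_ifs
    echo deny:portacl
}

# Constructed sample: the values posted in the thread plus the default
# reserved range (assumed, not shown in the thread).
SAMPLE='security.mac.portacl.enabled: 1
security.mac.portacl.suser_exempt: 1
security.mac.portacl.autoport_exempt: 1
security.mac.portacl.port_high: 1023
security.mac.portacl.rules: uid:100:tcp:80
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023'
# Same values after the change suggested in the reply above.
FIXED=$(printf '%s\n' "$SAMPLE" | sed 's/reservedhigh: 1023/reservedhigh: 0/')
can_bind 100 tcp 80 "$SAMPLE"
can_bind 100 tcp 80 "$FIXED"
```

On a live host the dump can be produced with `sysctl security.mac.portacl net.inet.ip.portrange` and passed as the fourth argument.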

