Re: Binding Squid to reserved port (was: mac_portacl)
Nikolay Pavlov <quetzal@zone3000.net> wrote:
> I am trying to implement a reverse proxy using squid with mac_portacl,
> but I have a problem while binding squid to port 80.
> Am I missing something?
>
> Here are my mac_portacl variables:
>
> # sysctl security.mac.portacl.
> security.mac.portacl.enabled: 1
> security.mac.portacl.suser_exempt: 1
> security.mac.portacl.autoport_exempt: 1
> security.mac.portacl.port_high: 1023
> security.mac.portacl.rules: uid:100:tcp:80
>
> And squid user info:
>
> # grep squid /etc/passwd
> squid:*:100:100:squid caching-proxy pseudo
> user:/usr/local/squid:/usr/sbin/nologin
>
> Also here is cache.log:
>
> 2006/10/20 09:55:59| Starting Squid Cache version 2.5.STABLE14 for
> i386-portbld-freebsd6.1...
> 2006/10/20 09:55:59| Process ID 6584
> 2006/10/20 09:55:59| With 11072 file descriptors available
> 2006/10/20 09:55:59| DNS Socket created at 0.0.0.0, port 59879, FD 5
> 2006/10/20 09:55:59| Adding nameserver 206.53.60.10 from
> /etc/resolv.conf
> 2006/10/20 09:55:59| User-Agent logging is disabled.
> 2006/10/20 09:55:59| Unlinkd pipe opened on FD 10
> 2006/10/20 09:55:59| Swap maxSize 102400000 KB, estimated 7876923
> objects
> 2006/10/20 09:55:59| Target number of buckets: 393846
> 2006/10/20 09:55:59| Using 524288 Store buckets
> 2006/10/20 09:55:59| Max Mem size: 1048576 KB
> 2006/10/20 09:55:59| Max Swap size: 102400000 KB
> 2006/10/20 09:55:59| Rebuilding storage in /cache (DIRTY)
> 2006/10/20 09:55:59| Using Least Load store dir selection
> 2006/10/20 09:55:59| Set Current Directory to /usr/local/squid/cache
> 2006/10/20 09:55:59| Loaded Icons.
> 2006/10/20 09:55:59| commBind: Cannot bind socket FD 12 to *:80: (13)
> Permission denied
> FATAL: Cannot open HTTP Port
> Squid Cache (Version 2.5.STABLE14): Terminated abnormally.
> CPU Usage: 0.035 seconds = 0.000 user + 0.035 sys
> Maximum Resident Size: 9528 KB
> Page faults with physical i/o: 0
I assume you aren't starting Squid with root privileges?
If you aren't, you'll have to lower:
net.inet.ip.portrange.reservedhigh if you want
it to bind to port 80.
I don't use mac_portacl, but from the name I assume
security.mac.portacl.port_high does something similar.
Port redirection with your packet filter of choice
would be another option.
Followup-To: freebsd-questions@freebsd.org set.
Fabian
-- 
http://www.fabiankeil.de/
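
Added example, not part of either message: a simplified shell model of the two checks a bind to a low port passes through on FreeBSD, the classic reserved-port range and then mac_portacl, run over a constructed sysctl dump. The portacl values are the ones posted above; the `net.inet.ip.portrange` values are assumed defaults (the thread does not show them), and `get` and `check_bind` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample: portacl values as posted in the thread; the
# net.inet.ip.portrange values are ASSUMED defaults, not shown in the thread.
SAMPLE='security.mac.portacl.enabled: 1
security.mac.portacl.suser_exempt: 1
security.mac.portacl.port_high: 1023
security.mac.portacl.rules: uid:100:tcp:80
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023'

# get KEY DUMP -> value of a "key: value" line in sysctl output
get() { printf '%s\n' "$2" | sed -n "s/^$1: //p"; }

# check_bind DUMP UID PROTO PORT -> prints the deciding layer and the outcome.
# Simplified model: gid rules and the autoport (port 0) case are not handled.
check_bind() {
    dump=$1 uid=$2 proto=$3 port=$4
    lo=$(get net.inet.ip.portrange.reservedlow "$dump")
    hi=$(get net.inet.ip.portrange.reservedhigh "$dump")
    # Layer 1: classic reserved-port check, applied regardless of mac_portacl.
    if [ "$uid" -ne 0 ] && [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
        echo "deny: reserved-port check (EACCES)"; return 0
    fi
    # Layer 2: mac_portacl only governs ports up to port_high.
    if [ "$(get security.mac.portacl.enabled "$dump")" != 1 ] ||
       [ "$port" -gt "$(get security.mac.portacl.port_high "$dump")" ]; then
        echo "allow: outside mac_portacl"; return 0
    fi
    rules=$(get security.mac.portacl.rules "$dump")
    old_ifs=$IFS; IFS=,
    for r in $rules; do
        # A rule port of 0 matches any port for that protocol.
        if [ "$r" = "uid:$uid:$proto:$port" ] || [ "$r" = "uid:$uid:$proto:0" ]; then
            IFS=$old_ifs; echo "allow: rule $r"; return 0
        fi
    done
    IFS=$old_ifs
    if [ "$uid" -eq 0 ] && [ "$(get security.mac.portacl.suser_exempt "$dump")" = 1 ]; then
        echo "allow: suser_exempt"; return 0
    fi
    echo "deny: no mac_portacl rule (EPERM)"
}

check_bind "$SAMPLE" 100 tcp 80
```

In this model the posted rule is never consulted while `reservedhigh` still covers port 80, which fits the errno 13 (EACCES) in the quoted cache.log; a mac_portacl refusal is reported as EPERM instead.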