How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks
I tried adding 443 to the listening ports, but I get a Permission denied message.
Jun 6 11:18:08 ngircd[4605]: Can't bind socket to address 0.0.0.0:443 - Permission denied
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6666 (socket 8).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6667 (socket 9).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6668 (socket 10).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6669 (socket 11).
Nothing else is using port 443 on my machine either. The command below returns nothing.
sudo netstat -lntup | grep 443
Can this be done with ngircd?
Thanks
On 2013-06-06 20:05, Xenophod wrote:
How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks
I tried adding 443 to the listening ports, but I get a Permission denied message.
Jun 6 11:18:08 ngircd[4605]: Can't bind socket to address 0.0.0.0:443 - Permission denied
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6666 (socket 8).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6667 (socket 9).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6668 (socket 10).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6669 (socket 11).
Nothing else is using port 443 on my machine either. The command below returns nothing.
sudo netstat -lntup | grep 443
Can this be done with ngircd?
Thanks
Ports below 1024 are usually reserved and require super user privileges to be allocated. Check out authbind to give your ngircd process authorisation to listen on port 443. I know of no other limitations so that should be it!
authbind should be in your package manager by that name in any common Linux-based operating system.
// jwalck
On Thu, Jun 06, 2013 at 02:05:40PM -0400, Xenophod wrote:
How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks
I tried adding 443 to the listening ports, but I get a Permission denied message.
You can't.
ngIRCd drops root privileges when starting up and before binding any ports. But root privileges are required to use ports <1024. Therefore this isn't possible, you must use port(s) >=1024.
And no: it isn't an option to drop privileges after binding the port(s), because then reloading the configuration on runtime would fail anyway ...
Regards Alex
On Fri, Jun 07, 2013 at 11:22:57AM +0200, Alexander Barton wrote:
On Thu, Jun 06, 2013 at 02:05:40PM -0400, Xenophod wrote:
How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks
I tried adding 443 to the listening ports, but I get a Permission denied message.
You can't.
ngIRCd drops root privileges when starting up and before binding any ports. But root privileges are required to use ports <1024. Therefore this isn't possible, you must use port(s) >=1024.
A work-around might be to use stunnel https://www.stunnel.org/index.htm (plus, if needed a suitable IPTables &c ruleset).
On 06/06/2013 02:05 PM, Xenophod wrote:
I tried adding 443 to the listening ports, but I get a Permission denied message.
Everything everyone already said about low ports being reserved is true. On a Linux host, you can use the capabilities system to give a program permission to listen on these lower ports, without giving them full root access. The command will look something like:
# setcap "cap_net_bind_service=+ep" /usr/local/sbin/ngircd
See the setcap man page for details. After you do this, you'll be able to start your daemon on reserved ports.
Hope this helps,
Thank you everyone. I have lots of ideas on how to allow ngircd (or any other application) to listen on port 443.
I went with using setcap to allow ngircd access to ports below 1024 and it works. Thanks!
I keep forgetting about the power of iptables as well. I'll jot that down in my notebook for future reference.
On Fri, Jun 7, 2013 at 9:41 AM, Brett Smith brett@w3.org wrote:
On 06/06/2013 02:05 PM, Xenophod wrote:
I tried adding 443 to the listening ports, but I get a Permission denied message.
Everything everyone already said about low ports being reserved is true. On a Linux host, you can use the capabilities system to give a program permission to listen on these lower ports, without giving them full root access. The command will look something like:
# setcap "cap_net_bind_service=+ep" /usr/local/sbin/ngircd
See the setcap man page for details. After you do this, you'll be able to start your daemon on reserved ports.
Hope this helps,
-- Brett Smith
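Added example, not part of the thread: a check that the binary given the setcap treatment above holds cap_net_bind_service (effective and permitted) and no other capability, parsing both the older `path = caps` and newer `path caps` getcap output styles. The helper name `audit_caps` and the sample getcap lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the file capabilities on a daemon binary after setcap.
# audit_caps PATH GETCAP_LINE   (hypothetical helper name)
#   prints OK / MISSING / EXCESS:<caps> and returns 0 / 1 / 2
audit_caps() {
    path=$1
    line=$2
    rest=${line#"$path"}   # drop the leading path
    rest=${rest# =}        # older getcap prints "path = caps", newer "path caps"
    found=no
    extra=
    for clause in $rest; do
        names=${clause%%[=+-]*}    # capability names before the first operator
        flags=${clause#"$names"}   # operator plus flag letters, e.g. "+ep"
        old_ifs=$IFS
        IFS=,
        for cap in $names; do
            if [ "$cap" = cap_net_bind_service ]; then
                # binding a port below 1024 needs effective (e) and permitted (p)
                case $flags in *e*p*|*p*e*) found=yes ;; esac
            else
                extra="$extra $cap"   # anything else is more than the daemon needs
            fi
        done
        IFS=$old_ifs
    done
    if [ -n "$extra" ]; then echo "EXCESS:$extra"; return 2; fi
    if [ "$found" = no ]; then echo "MISSING"; return 1; fi
    echo "OK"
}

if [ -n "${1:-}" ] && command -v getcap >/dev/null 2>&1; then
    # Live check, e.g.: sh audit_caps.sh /usr/local/sbin/ngircd
    audit_caps "$1" "$(getcap "$1")" || :
else
    # Constructed sample lines (not real output from the poster's machine)
    bin=/usr/local/sbin/ngircd
    audit_caps "$bin" "$bin = cap_net_bind_service+ep" || :
    audit_caps "$bin" "$bin cap_net_admin,cap_net_bind_service=ep" || :
    audit_caps "$bin" "" || :
fi
```

File capabilities are stored in an extended attribute of the binary, so an upgrade that replaces the file drops them; rerunning the check after upgrades catches that.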