How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks

I tried adding 443 to the listening ports, but I get a Permission denied message.

Jun 6 11:18:08 ngircd[4605]: Can't bind socket to address 0.0.0.0:443 - Permission denied
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6666 (socket 8).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6667 (socket 9).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6668 (socket 10).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6669 (socket 11).

Nothing else is using port 443 on my machine either. The command below returns nothing.

sudo netstat -lntup | grep 443

Can this be done with ngircd?

Thanks
On 2013-06-06 20:05, Xenophod wrote:
How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks
I tried adding 443 to the listening ports, but I get a Permission denied message.
Jun 6 11:18:08 ngircd[4605]: Can't bind socket to address 0.0.0.0:443 - Permission denied
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6666 (socket 8).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6667 (socket 9).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6668 (socket 10).
Jun 6 11:18:08 ngircd[4605]: Now listening on [0.0.0.0]:6669 (socket 11).
Nothing else is using port 443 on my machine either. The command below returns nothing.
sudo netstat -lntup | grep 443
Can this be done with ngircd?
Thanks
Ports below 1024 are usually reserved and require super user privileges to be allocated. Check out authbind to give your ngircd process authorisation to listen on port 443. I know of no other limitations so that should be it! authbind should be in your package manager by that name in any common Linux-based operating system.

// jwalck
On Thu, Jun 06, 2013 at 02:05:40PM -0400, Xenophod wrote:
How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks
I tried adding 443 to the listening ports, but I get a Permission denied message.
You can't. ngIRCd drops root privileges when starting up and before binding any ports. But root privileges are required to use ports <1024. Therefore this isn't possible, you must use port(s) >=1024. And no: it isn't an option to drop privileges after binding the port(s), because then reloading the configuration on runtime would fail anyway ...

Regards
Alex
On Fri, Jun 07, 2013 at 11:22:57AM +0200, Alexander Barton wrote:
On Thu, Jun 06, 2013 at 02:05:40PM -0400, Xenophod wrote:
How can I get ngircd to listen on port 443? I don't need SSL, I just need a port that won't ever be blocked by ISPs/Wifi-hotspots/work networks
I tried adding 443 to the listening ports, but I get a Permission denied message.
You can't.
ngIRCd drops root privileges when starting up and before binding any ports. But root privileges are required to use ports <1024. Therefore this isn't possible, you must use port(s) >=1024.
A work-around might be to use stunnel <https://www.stunnel.org/index.htm> (plus, if needed a suitable IPTables &c ruleset).

--
"Twenty-two minutes late, badger ate a junction box at New Malden." ('The Fall and Rise of Reginald Perrin')
On 06/06/2013 02:05 PM, Xenophod wrote:
I tried adding 443 to the listening ports, but I get a Permission denied message.
Everything everyone already said about low ports being reserved is true. On a Linux host, you can use the capabilities system to give a program permission to listen on these lower ports, without giving them full root access. The command will look something like:

# setcap "cap_net_bind_service=+ep" /usr/local/sbin/ngircd

See the setcap man page for details. After you do this, you'll be able to start your daemon on reserved ports.

Hope this helps,

-- Brett Smith
Thank you everyone. I have lots of ideas on how to allow ngircd (or any other application) to listen on port 443. I went with using setcap to allow ngircd access to ports below 1024 and it works. Thanks! I keep forgetting about the power of iptables as well. I'll jot that down in my notebook for future reference.

On Fri, Jun 7, 2013 at 9:41 AM, Brett Smith <brett@w3.org> wrote:
On 06/06/2013 02:05 PM, Xenophod wrote:
I tried adding 443 to the listening ports, but I get a Permission denied message.
Everything everyone already said about low ports being reserved is true. On a Linux host, you can use the capabilities system to give a program permission to listen on these lower ports, without giving them full root access. The command will look something like:
# setcap "cap_net_bind_service=+ep" /usr/local/sbin/ngircd
See the setcap man page for details. After you do this, you'll be able to start your daemon on reserved ports.
Hope this helps,
-- Brett Smith
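A check to go with the setcap approach chosen above, as an added example that is not part of the original thread or of ngIRCd: it classifies `getcap` output so you can confirm the binary holds cap_net_bind_service and nothing more. The function names and the sample lines are constructed for illustration; the two output styles are those printed by older and newer libcap releases.

```shell
#!/bin/sh
# Classify one line of `getcap` output for a daemon that should hold only
# CAP_NET_BIND_SERVICE. Both output styles are handled:
#   older libcap:  /path = cap_net_bind_service+ep
#   newer libcap:  /path cap_net_bind_service=ep
# Prints one of:
#   ok       only cap_net_bind_service, both effective (e) and permitted (p)
#   missing  capability absent, or not both effective and permitted
#   excess   cap_net_bind_service present together with other capabilities
classify_getcap() {
    line=$1
    # getcap prints nothing at all when the file has no capabilities
    [ -n "$line" ] || { echo missing; return; }
    spec=${line##* }          # last field: the capability clause
    names=${spec%%[+=]*}      # comma-separated capability names
    flags=${spec#"$names"}    # remaining flags, e.g. "+ep" or "=ep"
    case ",$names," in
        *,cap_net_bind_service,*) ;;
        *) echo missing; return ;;
    esac
    [ "$names" = cap_net_bind_service ] || { echo excess; return; }
    case $flags in
        *e*p*|*p*e*) echo ok ;;
        *) echo missing ;;
    esac
}

# Audit a real binary (hypothetical helper; needs getcap from libcap).
audit_binary() {
    command -v getcap >/dev/null 2>&1 || { echo "getcap not installed"; return 2; }
    classify_getcap "$(getcap "$1" 2>/dev/null)"
}

# Constructed sample lines, so the script shows results without root.
for sample in \
    '/usr/local/sbin/ngircd = cap_net_bind_service+ep' \
    '/usr/local/sbin/ngircd cap_net_bind_service=ep' \
    '/usr/local/sbin/ngircd = cap_net_bind_service,cap_net_admin+ep' \
    ''
do
    printf '%-70s -> %s\n' "[$sample]" "$(classify_getcap "$sample")"
done

# Live check only when a path is given: sh check.sh /usr/local/sbin/ngircd
if [ $# -gt 0 ]; then audit_binary "$1" || true; fi
```

The capability is stored in an extended attribute of the file, so replacing the binary (a package upgrade or rebuild) drops it and setcap has to be run again. It also permits binding any port below 1024, not only 443.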
Participants (6)
- Adam McGreggor
- Alexander Barton
- Brett Smith
- irosaurus@gmx.net
- Jonatan Walck
- Xenophod