Subject: Re: new sysctl - privileged ports runtime option?
To: Rasputin <rasputin@idoru.mine.nu>
From: Johnny C. Lam <jlam@netbsd.org>
List: tech-kern
Date: 08/08/2002 08:03:40
On Thu, Aug 08, 2002 at 01:54:26PM +0100, Rasputin wrote:
> * Greg A. Woods <woods@weird.com> [020807 22:21]:
> >
> > I think there's enough code in user-land that makes certain assumptions
> > about what privileges are required in order to bind a socket (either for
> > listening or for the source port) to a port <= 1024 that such an option
> > really should always only be a compile-time option, and one documented
> > with grave warnings attached at that. SSH for example makes many such
> > assumptions. I.e. you really must know exactly what you're doing before
> > giving up this protection on a given machine.
>
> Does this change win anything over using something like ipnat to
> redirect inbound port 80 traffic -> 8888, for example?
IIRC ipnat doesn't allow redirecting traffic between ports on the same
interface.
Cheers,
-- Johnny Lam <jlam@netbsd.org>
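Added example, not part of the thread above or of any NetBSD code: a small C probe of the reserved-port check the thread is arguing about. It tries to bind a TCP socket to 127.0.0.1 on a few ports on either side of IPPORT_RESERVED (1024, from <netinet/in.h>; the kernel's in_pcbbind check is `port < IPPORT_RESERVED`, so 1024 itself is not reserved) and reports whether the kernel let it through. Assumptions: loopback is configured, and nothing else is listening on the test ports.

```c
/* Added example (not from the thread): probe the reserved-port check that
 * the discussion is about. BSD kernels refuse bind() to a port below
 * IPPORT_RESERVED (1024) for a non-root process; Linux uses the same
 * default range. Binds go to 127.0.0.1 only (assumption: loopback is up). */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IPPORT_RESERVED
#define IPPORT_RESERVED 1024   /* historical BSD value */
#endif

/* Ports the kernel reserves for privileged processes: strictly below 1024. */
int is_reserved_port(unsigned int port)
{
    return port < IPPORT_RESERVED;
}

/* Try to bind a TCP socket to 127.0.0.1:port.
 * Returns 0 on success, otherwise the errno from socket() or bind(). */
int try_bind_port(unsigned short port)
{
    struct sockaddr_in sin;
    int s, one = 1, err = 0;

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0)
        return errno;
    /* Avoid EADDRINUSE from a lingering TIME_WAIT on a repeat run. */
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);

    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sin.sin_port = htons(port);

    if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0)
        err = errno;
    close(s);
    return err;
}

int main(void)
{
    unsigned short ports[] = { 80, 1023, 1024, 8888 };
    size_t i;

    for (i = 0; i < sizeof ports / sizeof ports[0]; i++) {
        int err = try_bind_port(ports[i]);
        printf("port %5u reserved=%d bind: %s\n", ports[i],
               is_reserved_port(ports[i]), err ? strerror(err) : "ok");
    }
    return 0;
}
```

Run as an ordinary user on a stock BSD kernel, 80 and 1023 fail with EACCES while 1024 and 8888 bind fine; that asymmetry is the whole reason an ipnat-style redirect of 80 -> 8888 needs no privilege on the listener side. Run as root, or on a Linux host where net.ipv4.ip_unprivileged_port_start has been lowered, all four succeed, which is exactly the condition Greg Woods warns about: programs that treat "bound to a port below 1024" as proof that the peer ran as root stop being able to rely on it.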