allow an application on port UDP/162 as non root

Matthew Galgoci mgalgoci at redhat.com
Thu Aug 6 15:04:05 UTC 2009


> > This isn't a selinux issue. By default non-root processes cannot bind to
> > ports less than 1024. I'm not sure if there is a clean way around this.
> >
>
> iptables redirect port UDP port 162 to, say, 1162.
>
> -A PREROUTING -d 192.168.1.1 -p udp -m udp --dport 162 -j REDIRECT --to-ports 1162

I wouldn't call that clean :)

It should work though. I've seen people do it with TCP and Java
applications before.

The only caveat here is that iptables -L -n won't show this rule by
default. Instead you need to specify the nat table on the command line
like this:

iptables -L -n -t nat

-- 
Matthew Galgoci
Network Operations
Red Hat, Inc
919.754.3700 x44155
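
Added example, not part of the original message: a small shell audit that reads iptables-save format and reports REDIRECT rules together with the table they live in, which makes the caveat above visible (the rule sits in nat, not in the default filter table). The function names and the sample ruleset are constructed for illustration; only the PREROUTING rule is taken from the thread.

```shell
#!/bin/sh
# Added example: list REDIRECT rules found in iptables-save output.
# Output columns: table chain proto dport to-port

list_redirects() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" open a table
        $1 == "-A" {
            chain = $2; proto = "-"; dport = "-"; target = ""; to = "-"
            for (i = 3; i < NF; i++) {
                if ($i == "-p")         proto  = $(i + 1)
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (target == "REDIRECT")
                print table, chain, proto, dport, to
        }
    '
}

# Constructed sample ruleset. The filter rule for 1162 is an assumption:
# nat PREROUTING runs before filter INPUT, so INPUT sees the packet with
# the rewritten port and must accept 1162, not 162.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.1.1 -p udp -m udp --dport 162 -j REDIRECT --to-ports 1162
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 1162 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_ruleset | list_redirects
# On a live host, as root: iptables-save | list_redirects
```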



