[Dxspider-support] spider and port 23
Dirk Koopman G1TLH
gb7tlh at dxcluster.org
Sat Jun 28 10:16:04 BST 2008
ON6HH Roland Huysentruyt wrote:
> Hi all
>
> Now spider is started as "sysop" I do have a problem to use port 23
> besides 8000 .
> On startup spider crasches ,"permission denied ",see below :
>
> 1214546695^starting listeners ...
>
> 1214546695^Internal port: localhost 27754 using IntMsg
>
> 1214546695^External Port: 193.191.136.222 8000 using ExtMsg::login
>
> 1214546695^IO::Socket::INET: Permission denied
>
> 1214546695^Could not create socket: Permission denied
>
> 1214546695^ at /spider/perl/Msg.pm line 447
>
> 1214546695^ Msg::new_server('ExtMsg', 193.191.136.222, 23,
> 'CODE(0x8434318)') called at /spider/perl/cluster.pl line 407
>
> Started as root it works.
> Anyone has an idee how to solve this ?
> Using UBUNTU 7.10 server
I'm going to be dead boring about this, because I have said this in the
past (and it's in the installation manual as well).
1. Don't run as root. Period. It's dangerous and I can't guarantee that
there are no exploits available for someone to take over your system
through DXSpider. I won't be held responsible if the worst happens
because a sysop ignores what the manual says and does it anyway.
2. Don't use port 23 because DXSpider is *NOT* a telnet server (i.e. a
server that provides a login shell to your box via the telnet protocol).
3. The reason only root works is because only root can bind to ports
below 1024.
3. If you still *really* want to do this then the only safe way is to
use iptables and do a redirect from port 23 to 8000. I personally do
this with my webservers. They never, ever, run as root, they run on some
higher port and I use shorewall (an iptables front end [available as a
package in Ubuntu]) to do both the firewalling and the redirection.
Dirk G1TLH
More information about the Dxspider-support
mailing list