[Dxspider-support] spider and port 23

Dirk Koopman G1TLH gb7tlh at dxcluster.org
Sat Jun 28 10:16:04 BST 2008


ON6HH Roland Huysentruyt wrote:
> Hi all
>  
> Now spider is started as "sysop" I do have a problem to use port 23 
> besides 8000 .
> On startup spider crasches ,"permission denied ",see below :
> 
> 1214546695^starting listeners ...
> 
> 1214546695^Internal port: localhost 27754 using IntMsg
> 
> 1214546695^External Port: 193.191.136.222 8000 using ExtMsg::login
> 
> 1214546695^IO::Socket::INET: Permission denied
> 
> 1214546695^Could not create socket: Permission denied
> 
> 1214546695^ at /spider/perl/Msg.pm line 447
> 
> 1214546695^ Msg::new_server('ExtMsg', 193.191.136.222, 23, 
> 'CODE(0x8434318)') called at /spider/perl/cluster.pl line 407
> 
> Started as root it works.
> Anyone has an idee how to solve this ?
> Using  UBUNTU 7.10 server

I'm going to be dead boring about this, because I have said this in the 
past (and it's in the installation manual as well).

1. Don't run as root. Period. It's dangerous and I can't guarantee that 
there are no exploits available for someone to take over your system 
through DXSpider. I won't be held responsible if the worst happens 
because a sysop ignores what the manual says and does it anyway.

2. Don't use port 23 because DXSpider is *NOT* a telnet server (i.e. a 
server that provides a login shell to your box via the telnet protocol).

3. The reason only root works is because only root can bind to ports 
below 1024.

3. If you still *really* want to do this then the only safe way is to 
use iptables and do a redirect from port 23 to 8000. I personally do 
this with my webservers. They never, ever, run as root, they run on some 
higher port and I use shorewall (an iptables front end [available as a 
package in Ubuntu]) to do both the firewalling and the redirection.

Dirk G1TLH



More information about the Dxspider-support mailing list