Reputation: 59
bind port 80 to non root user. CentOS
I need to Allow port 80 access to non privileged User on my CentOs. I am running Shoutcast, and Centova Cast on my server to host audio streams. I have been using port 80 for the last few months now without a problem using the following.....
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.104 --dport 80 -j DNAT --to 10.70.106.130:8000
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.105 --dport 80 -j DNAT --to 10.70.106.130:8002
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.106 --dport 80 -j DNAT --to 10.70.106.130:8004
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.107 --dport 80 -j DNAT --to 10.70.106.130:8006
I am currently testing my new Centova Cast control panel using the last IP address listed (5.10.69.107). I am not able to reach my audio stream using Centova Cast using port 80. the other 3 streams are working using root access.
Using the suggestions on this page https://secure.centova.com/pages/faqs/display/using_port_80_for_streaming_121 I have attempted setcap with the following
setcap 'cap_net_bind_service=+ep' /home/centovacast/shoutcast/sc_serv
and
setcap 'cap_net_bind_service=+ep' /home/centovacast/vhosts/bcr64k/etc/server.conf
and
setcap 'cap_net_bind_service=+ep' /home/centovacast/system/runascc/castd
with no effect. Am I missing something? the actual test process that is running on the server for Centova cast looks like this.
/home/centovacast/system/runascc/castd
/home/centovacast/shoutcast/sc_serv /home/centovacast/vhosts/bcr64k/etc/server.conf
If working properly, you should be able to hear music in a media player using 5.10.69.107. it currently works on 5.10.69.104 , 105, and 106. All addresses are on the same server, with the audio coming from the same source. Any suggestions would help. Thank you -Bob Swaggerty
Upvotes: 1
Views: 4080
Answers (1)
Reputation: 59
Resolved
I needed to remove from Iptables
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.104 --dport 80 -j DNAT --to 10.70.106.130:8000
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.105 --dport 80 -j DNAT --to 10.70.106.130:8002
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.106 --dport 80 -j DNAT --to 10.70.106.130:8004
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.107 --dport 80 -j DNAT --to 10.70.106.130:8006
and replace with
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.104 --dport 80 -j REDIRECT --to-port 8000
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.105 --dport 80 -j REDIRECT --to-port 8002
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.106 --dport 80 -j REDIRECT --to-port 8004
iptables -A PREROUTING -t nat -p tcp -d 5.10.69.107 --dport 80 -j REDIRECT --to-port 8006
Upvotes: 1
Related Questions
- I can bind to port 80 as a non-root user in a docker container. Why? What's going on?
- apache port 80 non root
- How to run node.js as non-root user?
- How to run apache as non-root, using non-standard ports?
- Having Apache httpd listen on port 80, but not started as root?
- How to bind 80 non-root
- Using iptables to map privilaged to non-privilaged port
- Bind a web server to port 80 without being root
- aws ec2 iptables port 80 (http)
- How to limit port 80 to just one user with iptables