[135048] in North American Network Operators' Group
Re: Is NAT can provide some kind of protection?
daemon@ATHENA.MIT.EDU (William Herrin)
Sat Jan 15 16:44:22 2011
In-Reply-To: <20EB8EFD-44A4-49D2-9B3A-C55D133BFF21@smtps.net>
From: William Herrin <bill@herrin.us>
Date: Sat, 15 Jan 2011 16:43:55 -0500
To: Brian Keefer <chort@smtps.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Jan 15, 2011 at 4:16 PM, Brian Keefer <chort@smtps.net> wrote:
> 1.) Allows you to redirect a privileged port (on UNIX) to a
> non-privileged port. For daemons that don't implement some
> form of privilege revoking after binding to a low port (and/or aren't
> allowed to run as root), this is very useful. It's much easier to
> have a firewall redirect than to implement robust privilege revoking.
> Example: PAT 25/tcp -> 2525/tcp.
There was a patch offered for the Linux kernel years ago that exported
the network ports as a filesystem where you could set who could bind
which port by changing the ownership and permissions on the "files." I
never understood why Linus rejected it.
Regards,
Bill Herrin
-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
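
The 25/tcp -> 2525/tcp redirect from the quoted message, written out as an nftables ruleset. This is an added example, not part of the original thread; the table name `smtp_pat`, the choice of nftables, and the IPv4-only scope are assumptions made for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example (constructed): PAT 25/tcp -> 2525/tcp so that an SMTP
# daemon can listen on an unprivileged port and never run as root.
# The table name "smtp_pat" is arbitrary. IPv4 only.

table ip smtp_pat {
    chain prerouting {
        # Connections arriving from the network.
        type nat hook prerouting priority -100; policy accept;
        tcp dport 25 redirect to :2525
    }

    chain output {
        # Connections made from this host itself (for example to
        # 127.0.0.1:25). These never traverse prerouting.
        type nat hook output priority -100; policy accept;
        fib daddr type local tcp dport 25 redirect to :2525
    }

    chain input {
        type filter hook input priority 0; policy accept;
        # After the redirect the packet carries dport 2525, so a filter
        # rule written for port 25 no longer matches it. Accept only
        # connections that were actually redirected, and drop anything
        # from outside that targets 2525 directly.
        iifname != "lo" tcp dport 2525 ct status dnat accept
        iifname != "lo" tcp dport 2525 drop
    }
}
```

Because 2525 is not a privileged port, any local user can bind it while the daemon is down, so the redirect removes the kernel's guarantee that only root can answer on port 25.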