Solved Bind Squid to a privileged port, anything below 1023

Hello,
After setting up my first squid proxy server, I found that the squid daemon needed root privileges to bind to a port less than 1023. Searching online for quite a while, I could not find a proper way to do it.
Also, is there a better (more secure) way to accomplish this? Thanks in advance.
 
There is no other way. On UNIX(-like) systems only root is allowed to open ports below 1024.

NB. Squid normally runs on 8080 or 3128 (default) which doesn't require root privileges to open.
 
You don't have to bind it to a privileged port if you use a NAT rule on your packet filter of choice to redirect from the privileged port to an unprivileged one that squid actually listens on.
 
Besides that, I would assume Squid to work the same way as Apache or nginx. It starts as root, opens a port < 1024, then drops its privileges to a restricted account (www for example). Just because it's started by root doesn't mean it's actually running as root.
 
You don't have to bind it to a privileged port if you use a NAT rule on your packet filter of choice to redirect from the privileged port to an unprivileged one that squid actually listens on.
... Thank you very much... why haven't I thought of that? d'oh!
 