Named could not listen on UDP socket: permission denied

Hi guys!

I have exactly the same problem!

http://lists.freebsd.org/pipermail/freebsd-net/2006-January/009569.html

Code:
--( abuser@gw )--( ~ )--( 09:50:06 )
--$ tail -30  /var/log/messages
Feb 11 04:32:21 gw named[1029]: creating IPv4 interface ng0 failed; interface ignored
Feb 11 05:32:21 gw named[1029]: could not listen on UDP socket: permission denied
Feb 11 05:32:21 gw named[1029]: creating IPv4 interface ng0 failed; interface ignored

Now I'd like to set up the MAC portacl module, but I'm not sure how to set it.

I want to set this permanently, even when I restart the PC.

Can you give me any advice?
 
Hi,
Should named work on ng0?
You can set only local IPs in /etc/namedb/named.conf

Code:
options {
  listen-on       { 127.0.0.1; 10.1.1.201; };
};
and
/etc/rc.d/named restart
 
I set
Code:
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53

in /etc/sysctl.conf, but when I restart the box it doesn't get set properly???


Code:
--( abuser@gw )--( ~ )--( 23:27:31 )
--$ sysctl security.mac.portacl.rules
security.mac.portacl.rules:

Why?
 
Did you put
Code:
mac_portacl_load="YES"
in /boot/loader.conf?
In your /etc/sysctl.conf there must be something like this:
Code:
security.mac.portacl.enabled=1
security.mac.portacl.suser_exempt=1
security.mac.portacl.port_high=1023
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53
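
An added example, not part of any post in this thread: a POSIX shell check of the loader.conf and sysctl.conf settings suggested above, run offline against constructed sample files. The function names and sample files are assumptions; the rule syntax checked is idtype:id:protocol:port as documented in mac_portacl(4).

```shell
#!/bin/sh
# Added example: offline check of the two files discussed in this thread.
# Function names and sample files are made up for illustration.

# Succeeds if every comma-separated rule is idtype:id:protocol:port
# (idtype uid|gid, protocol tcp|udp, numeric id, port 0-65535).
valid_portacl_rules() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$1" | tr ',' '\n' | awk -F: '
        NF != 4 || $1 !~ /^(uid|gid)$/ || $2 !~ /^[0-9]+$/ ||
        $3 !~ /^(tcp|udp)$/ || $4 !~ /^[0-9]+$/ || $4 > 65535 { bad = 1 }
        END { exit bad }'
}

# Prints the last uncommented value assigned to key $2 in file $1 (empty if none).
conf_value() {
    awk -v k="$2" '{
        sub(/[ \t]*#.*/, "")
        i = index($0, "="); if (!i) next
        name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name)
        if (name == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$|"/, "", v) }
    } END { print v }' "$1"
}

# Prints one line per problem that would keep the rules from applying at boot.
portacl_config_problems() {   # $1 = loader.conf, $2 = sysctl.conf
    case $(conf_value "$1" mac_portacl_load) in
        [Yy][Ee][Ss]) ;;
        *) echo "loader.conf: mac_portacl_load is not YES (no module when sysctl.conf is read, unless built into the kernel)" ;;
    esac
    rules=$(conf_value "$2" security.mac.portacl.rules)
    valid_portacl_rules "$rules" ||
        echo "sysctl.conf: security.mac.portacl.rules missing or malformed: '$rules'"
    [ "$(conf_value "$2" security.mac.portacl.enabled)" = 0 ] &&
        echo "sysctl.conf: security.mac.portacl.enabled=0 turns the policy off"
    [ "$(conf_value "$2" net.inet.ip.portrange.reservedhigh)" = 0 ] ||
        echo "sysctl.conf: net.inet.ip.portrange.reservedhigh is not 0, stock reserved-port check still applies"
    return 0
}

# Constructed sample files: one pair as suggested in the thread, one broken pair.
demo=$(mktemp -d)
printf 'mac_portacl_load="YES"\n' > "$demo/loader.conf"
printf '%s\n' security.mac.portacl.enabled=1 net.inet.ip.portrange.reservedhigh=0 \
    security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53 > "$demo/sysctl.conf"
printf '# mac_portacl_load="YES"\n' > "$demo/loader.bad"
printf 'security.mac.portacl.rules=uid:53:tcp:53;uid:53:udp:53\n' > "$demo/sysctl.bad"
portacl_config_problems "$demo/loader.conf" "$demo/sysctl.conf"
portacl_config_problems "$demo/loader.bad" "$demo/sysctl.bad"
```

On a live system, pass /boot/loader.conf and /etc/sysctl.conf as the two arguments; no output means none of the checked problems were found.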
 
Alt said:
Did you put
Code:
mac_portacl_load="YES"
in /boot/loader.conf?
In your /etc/sysctl.conf there must be something like this:
Code:
security.mac.portacl.enabled=1
security.mac.portacl.suser_exempt=1
security.mac.portacl.port_high=1023
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53


I tried as you wrote, but it still doesn't work.

I can set this manually with
Code:
 sysctl security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53


but when I reboot the box the value disappears

Code:
--$ sysctl security.mac.portacl.rules
security.mac.portacl.rules:
 
I don't think so, just copy -> paste these lines into /etc/sysctl.conf
Code:
security.mac.portacl.enabled=1
security.mac.portacl.suser_exempt=1
security.mac.portacl.port_high=1023
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53
 
At the moment I do not have access to the box, but I remember that in my sysctl.conf there are only two additional lines and this is set correctly after reboot.
 
I suspect that I forgot to add something to my kernel conf file before I recompiled the kernel to add support for mac_portacl:

I recompiled the kernel with these settings (without any errors)

Code:
options         MAC
options         MAC_PORTACL

Do I need to add something else?
 
Today I figured out that the kernel with these new options is very unstable; when I try to set security.mac.portacl.rules the system immediately crashes :\

Can someone advise me which options I need to add to the kernel to properly support mac portacl??

Thanks,

Jurif
 