Fred Moore wrote:
Hi folks,
I'm looking for war stories and checklists about having FTPServer (and by
implication the JRE java process itself) listening on port 21 on a Linux
box.
Apparently there are several security issues to consider when listening on
"low" (<1024) ports, like SUID root privileges and the fact that
LD_LIBRARY_PATH is not used anymore.
Jetty (Java HTTP Server) guys for a similar port 80 issue provide a specific
setuid feature but also suggest an apparently simple alternative approach
based on ipchains and iptables
(http://docs.codehaus.org/display/JETTY/port80).
Has anyone succeeded in running FTPServer on port 21? Any gotchas?
Cheers,
F.

This is what I do:

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 60021

This simply forwards all traffic on port 21 to port 60021. No need for my
Java app to run as root or setuid or anything like that.
--
Niklas Therning
www.spamdrain.net
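
The redirect from the reply above, as an added example that is not part of the original thread: it validates the two ports and prints the PREROUTING rule together with a nat OUTPUT rule for connections made from the box itself. The helper names is_port and redirect_rules are hypothetical; the printed commands still have to be run as root.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names are hypothetical.

# is_port N: succeed when N is a decimal integer in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-digit, or too long
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# redirect_rules PUBLIC_PORT APP_PORT
# Prints the iptables commands for the redirect; prints nothing and
# returns 1 when the ports do not fit the scheme described in the reply.
redirect_rules() {
    pub=$1
    app=$2
    is_port "$pub" && is_port "$app" || return 1
    # The scheme only makes sense when the public port is privileged and
    # the application binds an unprivileged one, so it needs no root.
    [ "$pub" -lt 1024 ] && [ "$app" -ge 1024 ] || return 1

    # Remote clients: packets arriving from the network pass PREROUTING.
    echo "iptables -t nat -A PREROUTING -p tcp -m tcp --dport $pub -j REDIRECT --to-ports $app"
    # Local clients: locally generated packets never pass PREROUTING, so a
    # connection from the box itself needs the same rule in nat OUTPUT.
    echo "iptables -t nat -A OUTPUT -o lo -p tcp -m tcp --dport $pub -j REDIRECT --to-ports $app"
}

# Caveat: APP_PORT is unprivileged, so any local user can bind it while
# the server is down and would then receive the redirected traffic.

# Print the rules for the ports used in the thread.
redirect_rules 21 60021
```

Review the printed commands before running them as root; the rules are not persistent across reboots unless saved by the distribution's own mechanism.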