On Tue, 3 Jul 2018 09:54:02 +0200 "W.C.A. Wijngaards via Unbound-users" <unbound-users@unbound.net> wrote:
> I want to ask to make sure. Do you have other config with
> outgoing-port-permit or outgoing-port-avoid in the file? They are
> processed in order they appear.
>
> An inspection of the code and some debug says that <1024 should really
> not be in the list of possibilities, but apparently it is for you,
> perhaps due to config?
>
> Best regards, Wouter
>
> > my config has:
> > outgoing-port-permit: 32768-65535
> > outgoing-port-avoid: 0-32767

I can see a similar issue with similar config (which is there btw because of SELinux preventing use of non-dynamic ports).

Jul 3 12:56:28 resolver unbound: [18382:0] error: can't bind socket: Permission denied for ::
Jul 3 13:56:27 resolver unbound: [18382:0] error: can't bind socket: Permission denied for 0.0.0.0

But in my log lines there is no port.

More from my config:

interface-automatic: no
outgoing-port-permit: 32768-60999
outgoing-port-avoid: 0-32767
ip-transparent: yes

And after these I bind to ip addresses.

interface: 192.0.2.153
interface: 2001:DB8::5

Could it be auth-zone not using those outgoing-port-permit and outgoing-port-avoid settings - timing from log looks like it could be caused by rfc7706 config.

-- 
Tuomo Soini <t...@foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
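
Added example, not part of the original message and not unbound's own code: a small Python model of the in-order processing of outgoing-port-permit and outgoing-port-avoid that Wouter describes, useful for checking whether a later line elsewhere in a config puts ports below 1024 back into the set. It assumes a simplified starting set of 1024-65535 (unbound's real default also leaves out IANA-assigned ports); the function names and the extra permit line in the second sample are constructed for illustration.

```python
import re

# Assumption: simplified starting set of all unprivileged ports. Real unbound
# also excludes IANA-assigned ports from its default; that list is omitted here.
DEFAULT_PORTS = range(1024, 65536)
DIRECTIVE = re.compile(
    r'^\s*outgoing-port-(permit|avoid):\s*"?(\d+)(?:-(\d+))?"?\s*(?:#.*)?$')


def effective_ports(conf_text, default=DEFAULT_PORTS):
    """Apply permit/avoid lines in file order and return the resulting set."""
    allowed = set(default)
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue  # any other option, section header, comment or blank line
        low = int(m.group(2))
        high = int(m.group(3)) if m.group(3) else low
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range in line: {line.strip()!r}")
        span = range(low, high + 1)
        if m.group(1) == "permit":
            allowed.update(span)             # permit adds to the set
        else:
            allowed.difference_update(span)  # avoid subtracts from the set
    return allowed


def privileged(allowed):
    """Ports below 1024 that are still selectable for outgoing queries."""
    return sorted(p for p in allowed if p < 1024)


# Constructed sample: the two lines quoted in the thread, in the posted order.
CONF_QUOTED = """
server:
    outgoing-port-permit: 32768-65535
    outgoing-port-avoid: 0-32767
"""
# Constructed sample: a hypothetical later permit line re-adds low ports,
# because it is processed after the avoid line.
CONF_LATER_PERMIT = CONF_QUOTED + "    outgoing-port-permit: 512-1023\n"

if __name__ == "__main__":
    for name, conf in (("quoted", CONF_QUOTED), ("later permit", CONF_LATER_PERMIT)):
        ports = effective_ports(conf)
        print(f"{name}: {min(ports)}-{max(ports)}, below 1024: {len(privileged(ports))}")
```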