aprsc tricks and tips
=====================

Providing access on low TCP ports (like 23)
----------------------------------------------

For security reasons aprsc drops root privileges as soon as possible after
starting up (if it ever had them in the first place). Listening on
privileged "low" ports below 1024 normally requires root privileges, which
aprsc no longer has when it comes to the point where it would start binding
those ports.

You can use a NAT-based method to redirect traffic from port 23 to port
14580 (or some other high unprivileged port your server is listening on).
Replace *youripaddress* with your external IP address. The local listening
address (`--to-destination`) cannot be localhost, so use the same IP address.
These two commands need to go somewhere in your startup scripts or firewall
configurations.

    root@box:~# iptables -t nat -A PREROUTING -d *youripaddress* \
        -p tcp --dport 23 -m addrtype --dst-type LOCAL -j DNAT \
        --to-destination *youripaddress*:14580

    root@box:~# iptables -t nat -A OUTPUT -d *youripaddress* \
        -p tcp --dport 23 -m addrtype --dst-type LOCAL -j DNAT \
        --to-destination *youripaddress*:14580

When you wish to view your current NAT configuration on Linux, remember to
specifically ask for the nat tables:

    root@box:~# iptables -t nat -L
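
An added example (not part of the aprsc documentation): a startup-script wrapper for the two DNAT rules above that appends each rule only when `iptables -C` reports it missing, so re-running the script does not stack duplicates, and that refuses a loopback destination. The function names and the `IPTABLES` override variable are assumptions of this example, and `192.0.2.10` is a placeholder address.

```sh
#!/bin/sh
# Added example, not aprsc's own code. IPTABLES may be overridden for a dry run.
IPTABLES="${IPTABLES:-iptables}"

# Accept only a dotted-quad IPv4 address outside 127.0.0.0/8, because the
# --to-destination address cannot be localhost.
valid_addr() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*|127.*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule specification: $1 = address, $2 = low port, $3 = high port.
rule_spec() {
    printf '%s' "-d $1 -p tcp --dport $2 -m addrtype --dst-type LOCAL" \
        " -j DNAT --to-destination $1:$3"
}

# Append to the given nat chain only if an identical rule is not there yet.
ensure_rule() {
    chain=$1; shift
    spec=$(rule_spec "$@")
    # -C exits non-zero when the rule is absent; $spec is split on purpose.
    $IPTABLES -t nat -C "$chain" $spec 2>/dev/null ||
        $IPTABLES -t nat -A "$chain" $spec
}

# PREROUTING covers remote clients, OUTPUT covers connections made locally.
redirect_low_port() {
    valid_addr "$1" || { echo "unusable address: $1" >&2; return 1; }
    ensure_rule PREROUTING "$@" && ensure_rule OUTPUT "$@"
}

# Usage (as root): sh redirect.sh 192.0.2.10 23 14580   (placeholder address)
if [ "$#" -eq 3 ]; then
    redirect_low_port "$1" "$2" "$3"
fi
```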