can't bind socket: Permission denied for IPv6 (port bellow 1024)
Tuomo Soini
tis at foobar.fi
Tue Jul 3 11:19:06 UTC 2018
On Tue, 3 Jul 2018 09:54:02 +0200
"W.C.A. Wijngaards via Unbound-users" <unbound-users at unbound.net> wrote:
> I want to ask to make sure. Do you have other config with
> outgoing-port-permit or outgoing-port-avoid in the file? They are
> processed in order they appear.
>
> An inspection of the code and some debug says that <1024 should really
> not be in the list of possibilities, but apparantly it is for you,
> perhaps due to config?
>
> Best regards, Wouter
>
> >
> > my config has:
> > outgoing-port-permit: 32768-65535
> > outgoing-port-avoid: 0-32767
> >
> >
>
>
I can see the similar issue with similar config (which is there btw
because of selinux preventing use of non-dynamic ports.
Jul 3 12:56:28 resolver unbound: [18382:0] error: can't bind socket:
Permission denied for ::
Jul 3 13:56:27 resolver unbound: [18382:0] error: can't bind socket:
Permission denied for 0.0.0.0
But in my log lines there are is no port.
More from my config:
interface-automatic: no
outgoing-port-permit: 32768-60999
outgoing-port-avoid: 0-32767
ip-transparent: yes
And after these I bind to ip addresses.
interface: 192.0.2.153
interface: 2001:DB8::5
Could it be auth-zone not using those outgoing-port-permit and
outoging-port-avoid settings - timing from log looks like it could be
caused by rfc7706 config.
--
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <https://foobar.fi/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20180703/cd51930f/attachment.bin>
More information about the Unbound-users
mailing list