centos bind port permission denied

Posted in :

在 centOS 裡,使用 lighttpd 或 nginx 加 web server 時,default 的 port 可以通,但其他的卻不行。原因是 SELinux 造成。


SELinux 預設只允許 SSH 使用埠號 22, 執行以下指令開啟埠號 2202: (如果你設定的埠號不是 2202, 要將指令修改)

# semanage port -a -t ssh_port_t -p tcp 2202

設定後可以執行 semanage 檢查是否開啟 2202 埠號:

# semanage port -l | grep ssh
ssh_port_t tcp 2202, 22

除了開啟 SELinux 外,還要設定 firewalld 開啟埠號 2202:

# firewall-cmd --permanent --zone=public --add-port=2202/tcp

重新載入 firewalld

# firewall-cmd –reload

沒有問題後可以重新啟動 SSH Server:

# systemctl restart sshd.service

更改 SSH 預設埠號後,在終端機連接到 SSH 要加上 -p 參數指定埠號,例如:

ssh -p 2202 [email protected]

 


This will most likely be related to SELinux

semanage port -l | grep http_port_t
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

As you can see from the output above with SELinux in enforcing mode http is only allowed to bind to the listed ports. The solution is to add the ports you want to bind on to the list

semanage port -a -t http_port_t  -p tcp 8090

will add port 8090 to the list.


It is unusual to get a “Permission denied” message when running a command using sudo. I might check that SELinux isn’t installed/enabled.

The usual reason a network service fails to bind to a port is because the TCP port is already in use by some other service. The usual way to check this is

$ sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 :::80               :::*                LISTEN      3944/httpd
tcp        0      0 :::22               :::*                LISTEN      3834/sshd
tcp        0      0 :::443              :::*                LISTEN      3944/httpd

Here we can see that port 80 is already in use by the httpd program.

If there is a better explanation, someone will be along soon to downvote this answer and post a more useful one 🙂

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *