Xojo Developer Conference
25/27th April 2018 in Denver.
MBS Xojo Conference
6/7th September 2018 in Munich, Germany.

Has anyone gotten a ServerSocket to listen on a low port? (Real Studio network user group Mailinglist archive)

Back to the thread list
Previous thread: HTMLViewer, drag and drop, and html alias file
Next thread: Insert indented row in hierarchical listbox


Win32 API Declares   -   Berg, Heath
  Has anyone gotten a ServerSocket to listen on a low port?   -   joe strout.net
   Re: Has anyone gotten a ServerSocket to listen on a low port?   -   Stefan
    Re: Has anyone gotten a ServerSocket to listen on a low port?   -   joe strout.net
     Re: Has anyone gotten a ServerSocket to listen on a low port?   -   Stefan
   Re: Has anyone gotten a ServerSocket to listen on a low port?   -   Sam DeVore
    Re: Has anyone gotten a ServerSocket to listen on a low port?   -   joe strout.net
     Re: Has anyone gotten a ServerSocket to listen on a low port?   -   Sam DeVore

Has anyone gotten a ServerSocket to listen on a low port?
Date: 01.08.06 23:23 (Tue, 1 Aug 2006 16:23:13 -0600)
From: joe strout.net
I'm trying to get my ServerSocket to listen on port 80 on Mac OS X. But the problem is, Unix systems require root privileges for all processes listening on all ports below 1024.

I've searched the archives, and found some hints, but not enough detail for me to succeed at this yet. So far:

1. Use Authentication Services to authenticate my app (which I understand to mean, give it an effective user ID of root). Jon Johnson has a nifty example of declares to authentication services, but it executes a helper tool, which isn't what I need to do. (It also does some unexplained fiddling with file flags that I don't understand.)

Has anybody done this? Will I be able to un-authenticate my app once the server socket is listening, or would doing so cause it to stop listening?

2. Similar to 1, but using standard FreeBSD system calls (e.g. setuid). Again, has anybody tried this, and will I be able to setuid root only when I start listening?

3. Use ipfw to forward port 80 to some higher-numbered port. This sounds good, but I haven't yet figured out how to do it. From my searches on google, it seems that ipfw isn't just a command I could execute from a Shell within my app, but rather a set of system-wide config files that can seriously screw up your system if you mess up. I also worry about how these config files relate to what you can set in the Sharing/Firewall system preferences panel (which, alas, doesn't seem to provide for port forwarding).

So, has anybody actually managed to use ipfw on OS X to forward one port to another?

Finally, are there any other options I'm not considering, that don't involve letting my application run with root privs all the time?

Many thanks,
- Joe

Re: Has anyone gotten a ServerSocket to listen on a low port?
Date: 01.08.06 23:34 (Wed, 2 Aug 2006 00:34:20 +0200)
From: Stefan
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>

Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>

Re: Has anyone gotten a ServerSocket to listen on a low port?
Date: 01.08.06 23:54 (Tue, 1 Aug 2006 16:54:37 -0600)
From: joe strout.net
On Aug 01, 2006, at 22:34 UTC, Stefan wrote:

> > 1. Use Authentication Services to authenticate my app (which I
> > understand to mean, give it an effective user ID of root). Jon
> > Johnson has a nifty example of declares to authentication services,
> > but it executes a helper tool, which isn't what I need to do. (It
> > also does some unexplained fiddling with file flags that I don't
> > understand.)
>
> MBS' plugin does the trick.

Can you elaborate? I assume you mean its wrapping of Authentication Services, but that leads back to the questions I was asking before: has anyone used this to listen on a port < 1024? And can I deauthorize after the Listen call, or will that cause my server to stop listening?

I'm agnostic when it comes to plugins -- pretty much anything that can be done with a plugin can be done with declares too. My concern here is whether this approach will work at all.

Thanks,
- Joe

Re: Has anyone gotten a ServerSocket to listen on a low port?
Date: 02.08.06 01:15 (Wed, 2 Aug 2006 02:15:24 +0200)
From: Stefan
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>

Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>

Re: Has anyone gotten a ServerSocket to listen on a low port?
Date: 01.08.06 23:51 (Tue, 1 Aug 2006 15:51:34 -0700)
From: Sam DeVore
yup

here is how I have done it in the past

echo "passwordHere" | sudo -S /usr/sbin/sysctl -w
net.inet.ip.forwardingsudo /sbin/ipfw add 102 fwd 127.0.0.1,
destinationPort tcp from any to sourceAddr sourcePort in;sudo -K

replace destinationPort with the port your app is actually listening
in on
replace sourcePort with the source port you want the public interface
to be on
replace sourceAddr with the ip address for the public interface (you
can use 'any' or if you are multihoming and only want to listen on
one ip use the actual ip

HTH
Sam D
On Aug 1, 2006, at 3:23 PM, <email address removed> wrote:

> So, has anybody actually managed to use ipfw on OS X to forward one
> port to another?

_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>

Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>

Re: Has anyone gotten a ServerSocket to listen on a low port?
Date: 02.08.06 03:53 (Tue, 1 Aug 2006 20:53:15 -0600)
From: joe strout.net
On Aug 01, 2006, at 22:51 UTC, Sam DeVore wrote:

> here is how I have done it in the past
>
> echo "passwordHere" | sudo -S /usr/sbin/sysctl -w
> net.inet.ip.forwardingsudo /sbin/ipfw add 102 fwd 127.0.0.1,
> destinationPort tcp from any to sourceAddr sourcePort in;sudo -K

For the record, this works like a dream! I can execute the above in a shell (filling in appropriate values for destinationPort, sourceAddr, and sourcePort), right before calling ServerSocket.Listen, and now my app appears to all the world to be listening on the standard port. This is a very clean solution, which doesn't risk giving my app root privs, nor require mucking about with setuid bits, declares, or plugins.

Thanks, Sam!

Best,
- Joe

Re: Has anyone gotten a ServerSocket to listen on a low port?
Date: 02.08.06 04:05 (Tue, 1 Aug 2006 20:05:18 -0700)
From: Sam DeVore
also when you are done you can 'delete' the ipfw rule that you set up
here as well when you are done. It might also be helpful to make
sure that your rule number is not in use with ipfw list if you want
to get fancy

Sam D
On Aug 1, 2006, at 7:53 PM, <email address removed> wrote:

> On Aug 01, 2006, at 22:51 UTC, Sam DeVore wrote:
>
>> here is how I have done it in the past
>>
>> echo "passwordHere" | sudo -S /usr/sbin/sysctl -w
>> net.inet.ip.forwardingsudo /sbin/ipfw add 102 fwd 127.0.0.1,
>> destinationPort tcp from any to sourceAddr sourcePort in;sudo -K
>
> For the record, this works like a dream! I can execute the above
> in a shell (filling in appropriate values for destinationPort,
> sourceAddr, and sourcePort), right before calling
> ServerSocket.Listen, and now my app appears to all the world to be
> listening on the standard port. This is a very clean solution,
> which doesn't risk giving my app root privs, nor require mucking
> about with setuid bits, declares, or plugins.
>
> Thanks, Sam!

_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>

Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>