Apache 2.0 Running a site on another port with a second ipaddress
John Abreau
abreauj at gmail.com
Fri Apr 20 13:34:23 EDT 2007
On 4/20/07, Stephen B Goldman <sgoldman at mit.edu> wrote:
> Hello Tom,
> This is a second address on the machine -
> The first is 192.168.1.35 which listens on 80
>
> The second Virtual Host is 192.168.1.110 which should listen on 1185-
>
>
> I tested 192.168.1.110 on 80 and it worked-
>
> the goal is to have it listen on 1185
>
> and this is where the problem is.
>
As Tom pointed out earlier,

    kernel: audit(1177078045.770:10): avc: denied { name_bind }
    for pid=6497 comm="httpd" src=1185 scontext=root:system_r:httpd_t
    tcontext=system_u:object_r:port_t tclass=tcp_socket

shows that SELinux is blocking apache from using any port except 80
(and perhaps 443 for SSL).

Running audit2allow against that line shows the selinux rule

    allow httpd_t port_t:tcp_socket name_bind;

would allow apache to bind to any port. That may be more open than
you want to make it, though.

I haven't messed around with selinux much, I've basically just read
the O'Reilly book on SELinux. I believe you need to install the
selinux-sources package in order to customize the rules. There's
probably a decent FAQ or HOWTO document out there, though.
--
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj at gmail.com
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
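
Added example, not part of the original message or of any SELinux tool: a Python sketch that parses the denial quoted above, rebuilds the allow rule shown in the message, and flags it when the target is the generic port_t type. It assumes a system that ships semanage; the helper names and the httpd_t to http_port_t mapping are choices of this sketch.

```python
import re

# Constructed sample: the denial quoted in the message, joined onto one line.
SAMPLE = ('kernel: audit(1177078045.770:10): avc: denied { name_bind } '
          'for pid=6497 comm="httpd" src=1185 scontext=root:system_r:httpd_t '
          'tcontext=system_u:object_r:port_t tclass=tcp_socket')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumption of this sketch: only the httpd case from the thread is mapped.
# http_port_t is the port type httpd_t may already bind to.
SPECIFIC_PORT_TYPE = {'httpd_t': 'http_port_t'}


def parse_avc(line):
    """Extract the fields of one AVC denial, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = dict(KV_RE.findall(m.group('rest')))
    if not {'scontext', 'tcontext', 'tclass'} <= kv.keys():
        return None
    return {
        'perms': m.group('perms').split(),
        'comm': kv.get('comm', '').strip('"'),
        'port': int(kv['src']) if kv.get('src', '').isdigit() else None,
        # Contexts are user:role:type[:level]; the type is the third field.
        'source_type': kv['scontext'].split(':')[2],
        'target_type': kv['tcontext'].split(':')[2],
        'tclass': kv['tclass'],
    }


def allow_rule(d):
    """Build the allow rule for the denial, in the form quoted in the message."""
    perms = d['perms']
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {d['source_type']} {d['target_type']}:{d['tclass']} {p};"


def review(d):
    """Return (rule, note); note is set when the rule targets generic port_t."""
    rule = allow_rule(d)
    port_type = SPECIFIC_PORT_TYPE.get(d['source_type'])
    if d['target_type'] == 'port_t' and 'name_bind' in d['perms'] and d['port']:
        note = f"rule lets {d['source_type']} bind every port labelled port_t"
        if port_type:
            proto = 'udp' if d['tclass'] == 'udp_socket' else 'tcp'
            note += (f"; narrower: semanage port -a -t {port_type} "
                     f"-p {proto} {d['port']}")
        return rule, note
    return rule, None
```

Relabelling the single port as http_port_t means no new allow rule is needed, since the stock policy already permits httpd_t to bind ports of that type.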