4

I want to run a custom DNS server (NxFilter to be precise) on a Synology DS115j NAS, which of course binds on port 53. This works when running as root, but I want to lock down the process now.

This NAS runs a busybox flavor of linux (using DSM5 in Synology parlance). I have installed Java with the Java Manager Package. Now, I look for a way to run the java process under a non-root account, while still allowing it to bind to the privileged Port 53.

I have looked into this great answer: https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443 but this does not work on my Synology box. I neither have setcap nor authbind available.

So the question is: How to specifically allow a process/binary to bind to a privileged port on a busybox linux?

Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
hitchhiker
  • 141
  • 2

1 Answers1

2

Do you have access to iptables, I vaguely remember that the Synology NAS boxes do? If so you can put a redirect in with this:-

iptables -I INPUT 1 -p tcp --dport 53 -j ACCEPT
iptables -I INPUT 1 -p tcp --dport 7000 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 53 -j REDIRECT --to-port 7000

Line 1 adds an opening to port 53 Line 2 adds an opening to port 7000 which is what you should set your java app to use Line 3 adds a redirect that any traffic inbound on port 53 gets directed to port 7000.

Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
David
  • 21
  • 4