# Named could not listen on UDP socket: permission denied



## sniper007 (Feb 11, 2010)

Hi guys!

I have exactly the same problem!

http://lists.freebsd.org/pipermail/freebsd-net/2006-January/009569.html


```
--( abuser@gw )--( ~ )--( 09:50:06 )
--$ tail -30  /var/log/messages
Feb 11 04:32:21 gw named[1029]: creating IPv4 interface ng0 failed; interface ignored
Feb 11 05:32:21 gw named[1029]: could not listen on UDP socket: permission denied
Feb 11 05:32:21 gw named[1029]: creating IPv4 interface ng0 failed; interface ignored
```

Now I'd like to set up the MAC portacl module, but I'm not sure how to set it.

I want to set this permanently, even when I restart the PC.

Can you give me any advice?


----------



## VoViK (Feb 11, 2010)

Hi,
named should work on ng0?
You can set only local IPs in /etc/namedb/named.conf


```
options {
  listen-on       { 127.0.0.1; 10.1.1.201; };
};
```
and

```
/etc/rc.d/named restart
```


----------



## Alt (Feb 11, 2010)

sniper007 said:

> Now I'd like to set up the MAC portacl module, but I'm not sure how to set it.
> 
> I want to set this permanently, even when I restart the PC.


I think there is enough info on the page you linked.


----------



## sniper007 (Feb 11, 2010)

VoViK said:

> Hi,
> named should work on ng0?




Yes, because this server is the master nameserver for a few domains...


----------



## sniper007 (Feb 11, 2010)

I set 

```
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53
```

in /etc/sysctl.conf, but when I restart the box it doesn't get set properly?



```
--( abuser@gw )--( ~ )--( 23:27:31 )
--$ sysctl security.mac.portacl.rules
security.mac.portacl.rules:
```

Why?


----------



## LateNiteTV (Feb 12, 2010)

Did you add it to /etc/sysctl.conf?


----------



## Alt (Feb 12, 2010)

Did you put

```
mac_portacl_load="YES"
```
in /boot/loader.conf?
In your /etc/sysctl.conf there must be something like this:

```
security.mac.portacl.enabled=1
security.mac.portacl.suser_exempt=1
security.mac.portacl.port_high=1023
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53
```


----------
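
Added example, not part of any post in this thread: a small sh linter that checks a sysctl.conf-style file for the settings listed in the post above and validates each entry of security.mac.portacl.rules against the idtype:id:protocol:port form. The function names and the sample file are constructed for illustration; the script only reads the file it is given.

```shell
#!/bin/sh
# Added example (not from the thread): offline lint of the mac_portacl
# settings in a sysctl.conf-style file. Nothing on the host is changed.
# get_val FILE KEY: print the last value assigned to KEY, ignoring comments.
get_val() {
    sed 's/#.*//' "$1" | awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t]/, "", v); out = v }
        END { print out }'
}

# check_rule RULE: succeed if RULE is idtype:id:protocol:port with
# idtype uid|gid, numeric id, protocol tcp|udp and port 0-65535.
check_rule() {
    echo "$1" | grep -Eq '^(uid|gid):[0-9]+:(tcp|udp):[0-9]{1,5}$' || return 1
    [ "${1##*:}" -le 65535 ]
}

# lint_portacl FILE: print one finding per line; fail if there are any.
lint_portacl() {
    f=$1; bad=0
    for kv in security.mac.portacl.enabled=1 \
              net.inet.ip.portrange.reservedlow=0 \
              net.inet.ip.portrange.reservedhigh=0; do
        got=$(get_val "$f" "${kv%%=*}")
        [ "$got" = "${kv#*=}" ] ||
            { echo "${kv%%=*}: expected ${kv#*=}, found '$got'"; bad=1; }
    done
    high=$(get_val "$f" security.mac.portacl.port_high)
    high=${high:-1023}   # assumed fallback: the value used in the thread
    rules=$(get_val "$f" security.mac.portacl.rules)
    [ -n "$rules" ] || { echo "security.mac.portacl.rules: missing or empty"; bad=1; }
    old_ifs=$IFS; IFS=,
    for r in $rules; do
        if ! check_rule "$r"; then
            echo "rule '$r': not idtype:id:protocol:port"; bad=1
        elif [ "${r##*:}" -gt "$high" ]; then
            echo "rule '$r': port above port_high=$high, not enforced"; bad=1
        fi
    done
    IFS=$old_ifs
    return $bad
}

# Constructed sample: the thread's rule line with a typo in one protocol.
sample=$(mktemp)
printf '%s\n' 'security.mac.portacl.enabled=1' \
    'security.mac.portacl.rules=uid:53:tcp:53,uid:53:upd:53' > "$sample"
lint_portacl "$sample" || true; rm -f "$sample"
```

Running `lint_portacl /etc/sysctl.conf` before a reboot shows whether the file itself is well-formed; it does not tell you whether the module was loaded when the file was applied.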



## sniper007 (Feb 12, 2010)

Alt said:

> Did you put
> 
> ...

I tried as you wrote, but it still doesn't work.

I can set this manually with

```
sysctl security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53
```


but when I reboot the box the value disappears


```
--$ sysctl security.mac.portacl.rules
security.mac.portacl.rules:
```


----------



## Alt (Feb 12, 2010)

Maybe you have a typo in /etc/sysctl.conf


----------



## sniper007 (Feb 12, 2010)

I don't think so, I just copy-pasted these lines into /etc/sysctl.conf

```
security.mac.portacl.enabled=1
security.mac.portacl.suser_exempt=1
security.mac.portacl.port_high=1023
net.inet.ip.portrange.reservedlow=0
net.inet.ip.portrange.reservedhigh=0
security.mac.portacl.rules=uid:53:tcp:53,uid:53:udp:53
```


----------



## Alt (Feb 12, 2010)

Are other sysctl values set on reboot?


----------



## sniper007 (Feb 12, 2010)

At the moment I do not have access to the box, but I remember that in my sysctl.conf there are only two additional lines, and these are set correctly after reboot.


----------



## sniper007 (Feb 12, 2010)

I suspect that I forgot to add something to my kernel conf file before I recompiled the kernel to add support for mac_portacl:

I recompiled the kernel with these settings (without any errors)


```
options         MAC
options         MAC_PORTACL
```

Do I need to add something else?


----------



## sniper007 (Feb 13, 2010)

Today I figured out that the kernel with these new options is very unstable; when I try to set *security.mac.portacl.rules* the system immediately crashes :\

Can someone advise me which options I need to add to the kernel to properly support mac portacl?

Thanks,

Jurif


----------

