# Port redirection with natd inside a jail



## sand_man (May 22, 2019)

I have graylog set up inside a jail with an syslog input configured on UDP 5001. Unfortunately when configuring devices to send syslog to the server, some devices do not support changing the port number and is stuck on UDP/514 so I want to do port redirection on the jail to send any incoming traffic on UDP/514 to UDP/5001.

I tried to use natd but it complained about being unable to load kernel modules which I think is because it's inside a jail. I have not done much more testing but is it simply a matter of loading the natd kernel modules on the host? Is there another way to do port redirection inside the jail?


----------



## SirDice (May 23, 2019)

Why don't you simply configure graylog to listen on 514?


----------



## sand_man (May 27, 2019)

Oh I forgot that crucial bit of information. I tried to set gralyog to listen on 514 but it fails. I read somewhere that this would be because it's a privileged port (<1024) and the service would need to run as root to be able to do that. I suppose I could change graylog to run as root but I'd rather avoid it if possible.

Edit:
Actually just having a look at the server now, it probably failed because syslog is already listening on that port.... I'll turn that off and see if it works.

Edit2:
Nope, it's definitely not allowing me to bind to a privileged port. Is there a way to allow a regular user to bind to a privileged port? Otherwise my only other option is to run graylog as root or configure a NAT rule somehow.


----------



## SirDice (May 27, 2019)

It has nothing to do with 'priviledged' ports. It's supposed to run on port 514. The "problem" you are most likely seeing is that syslogd(8) is already listening on that port. Set `syslogd_flags="-ss"` to prevent it from attaching to any network socket. Then you will have no problems running Graylog on port 514.


----------



## tommiie (May 27, 2019)

Would using vnet(9) be an option?


----------



## sand_man (May 28, 2019)

SirDice said:


> It has nothing to do with 'priviledged' ports. It's supposed to run on port 514. The "problem" you are most likely seeing is that syslogd(8) is already listening on that port. Set `syslogd_flags="-ss"` to prevent it from attaching to any network socket. Then you will have no problems running Graylog on port 514.


I'm not so sure. I did 'service syslogd stop' and then tried to start the graylog input on 514 but it still failed. I verified that nothing was listening on port 514 before testing.
I'll try what you suggested.


----------

