Why hostfwd option of QEMU need root access in some times and doesn't need some times
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
This command of QEMU doesn't need root access :
qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000
When I added the 443 and 80 port, I need root access :
sudo qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80
Without root access I've got this error message :
qemu-system-x86_64: -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80: Could not set up host forwarding rule 'tcp::80-:80'
Is that meaning sort of TCP port access are protected in QEMU software ?
qemu port-forwarding
asked Mar 7 at 10:37
dubisdubis
5501517
add a comment |
This command of QEMU doesn't need root access :
qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000
When I added the 443 and 80 port, I need root access :
sudo qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80
Without root access I've got this error message :
qemu-system-x86_64: -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80: Could not set up host forwarding rule 'tcp::80-:80'
Is that meaning sort of TCP port access are protected in QEMU software ?
qemu port-forwarding
asked Mar 7 at 10:37
dubisdubis
5501517
add a comment |
This command of QEMU doesn't need root access :
qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000
When I added the 443 and 80 port, I need root access :
sudo qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80
Without root access I've got this error message :
qemu-system-x86_64: -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80: Could not set up host forwarding rule 'tcp::80-:80'
Is that meaning sort of TCP port access are protected in QEMU software ?
qemu port-forwarding
asked Mar 7 at 10:37
dubisdubis
5501517
This command of QEMU doesn't need root access :
qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000
When I added the 443 and 80 port, I need root access :
sudo qemu-system-x86_64 -m 3072 -smp 2 -hda Debian9.qcow2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80
Without root access I've got this error message :
qemu-system-x86_64: -netdev user,id=net0,hostfwd=tcp::5555-:22,hostfwd=tcp::9000-:9000,hostfwd=tcp::443-:443,hostfwd=tcp::80-:80: Could not set up host forwarding rule 'tcp::80-:80'
Is that meaning sort of TCP port access are protected in QEMU software ?
qemu port-forwarding
qemu port-forwarding
asked Mar 7 at 10:37
dubisdubis
5501517
asked Mar 7 at 10:37
dubisdubis
5501517
asked Mar 7 at 10:37
dubisdubis
5501517
asked Mar 7 at 10:37
dubisdubis
5501517
asked Mar 7 at 10:37
dubisdubis
5501517
5501517
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
The ports < 1024 are privileged, and only a root process (or a process with CAP_NET_BIND_SERVICE capabilities in Linux) can bind a socket to them.
The host forwarding in qemu works by qemu binding a socket to a port on the host machine; if the qemu process is running as a normal user with no extra caps, it won't be able to bind to 80 or 443.
If you're on Linux, you can work around that with setcap CAP_NET_BIND_SERVICE+ep /path/to/qemu-system-x86_64, but that's something I do not recommend.
answered Mar 7 at 12:14
mosvymosvy
9,0271833
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f504886%2fwhy-hostfwd-option-of-qemu-need-root-access-in-some-times-and-doesnt-need-some%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The ports < 1024 are privileged, and only a root process (or a process with CAP_NET_BIND_SERVICE capabilities in Linux) can bind a socket to them.
The host forwarding in qemu works by qemu binding a socket to a port on the host machine; if the qemu process is running as a normal user with no extra caps, it won't be able to bind to 80 or 443.
If you're on Linux, you can work around that with setcap CAP_NET_BIND_SERVICE+ep /path/to/qemu-system-x86_64, but that's something I do not recommend.
answered Mar 7 at 12:14
mosvymosvy
9,0271833
add a comment |
The ports < 1024 are privileged, and only a root process (or a process with CAP_NET_BIND_SERVICE capabilities in Linux) can bind a socket to them.
The host forwarding in qemu works by qemu binding a socket to a port on the host machine; if the qemu process is running as a normal user with no extra caps, it won't be able to bind to 80 or 443.
If you're on Linux, you can work around that with setcap CAP_NET_BIND_SERVICE+ep /path/to/qemu-system-x86_64, but that's something I do not recommend.
answered Mar 7 at 12:14
mosvymosvy
9,0271833
add a comment |
The ports < 1024 are privileged, and only a root process (or a process with CAP_NET_BIND_SERVICE capabilities in Linux) can bind a socket to them.
The host forwarding in qemu works by qemu binding a socket to a port on the host machine; if the qemu process is running as a normal user with no extra caps, it won't be able to bind to 80 or 443.
If you're on Linux, you can work around that with setcap CAP_NET_BIND_SERVICE+ep /path/to/qemu-system-x86_64, but that's something I do not recommend.
answered Mar 7 at 12:14
mosvymosvy
9,0271833
The ports < 1024 are privileged, and only a root process (or a process with CAP_NET_BIND_SERVICE capabilities in Linux) can bind a socket to them.
The host forwarding in qemu works by qemu binding a socket to a port on the host machine; if the qemu process is running as a normal user with no extra caps, it won't be able to bind to 80 or 443.
If you're on Linux, you can work around that with setcap CAP_NET_BIND_SERVICE+ep /path/to/qemu-system-x86_64, but that's something I do not recommend.
answered Mar 7 at 12:14
mosvymosvy
9,0271833
answered Mar 7 at 12:14
mosvymosvy
9,0271833
answered Mar 7 at 12:14
mosvymosvy
9,0271833
answered Mar 7 at 12:14
mosvymosvy
9,0271833
9,0271833
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f504886%2fwhy-hostfwd-option-of-qemu-need-root-access-in-some-times-and-doesnt-need-some%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
