Unable to configure listen port below 1024

Document ID : KB000045699
Last Modified Date : 14/02/2018

Summary: 

The Gateway will not allow listen ports to be configured on ports 1024 and below, i.e. the privileged ports, because the underlying Linux OS only allows root processes to use these. This stops the Gateway from listening directly on the default ports for protocols such as HTTP, HTTPS and FTP.

Instructions: 

To work around this, use firewall rules to redirect the privileged ports to higher ports that the Gateway listens on.

From Policy Manager, select the menu item 'Tasks -> Manage Listen Ports'. Once the dialog opens, click 'Manage Firewall Rules' and create a new rule to redirect the port in question.

See the following documentation page for full details on how to configure the firewall rule.

https://docops.ca.com/ca-api-gateway/9-1/en/configure-security/tasks-menu-security-options/manage-listen-ports/firewall-rule-properties
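
A check for the redirect described above, as an added example that is not part of the original article or the product documentation: it reads output in `iptables-save -t nat` format and confirms that each privileged port clients will use is redirected to a port above 1024. It assumes the Gateway's firewall rules show up as iptables REDIRECT rules in the nat table; the sample rules, port choices and function names are constructed for illustration.

```python
# Added example: audit iptables NAT redirects for privileged ports.
PRIVILEGED_MAX = 1024  # per the article, ports 1024 and below cannot be listen ports

# Constructed sample in `iptables-save -t nat` format (not from a real Gateway).
SAMPLE_NAT_TABLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 21 -j REDIRECT --to-ports 990
COMMIT
"""


def parse_redirects(nat_table):
    """Return {(protocol, original_port): target_port} for each REDIRECT rule."""
    redirects = {}
    for line in nat_table.splitlines():
        tokens = line.split()
        if tokens[:1] != ["-A"] or "REDIRECT" not in tokens:
            continue
        opts = dict(zip(tokens, tokens[1:]))  # each option mapped to the token after it
        dport, target = opts.get("--dport", ""), opts.get("--to-ports", "")
        if dport.isdigit() and target.isdigit():  # skip port ranges and odd rules
            redirects[(opts.get("-p", "any"), int(dport))] = int(target)
    return redirects


def audit(nat_table, wanted):
    """Report, for each (protocol, port) clients will use, whether it is usable."""
    redirects = parse_redirects(nat_table)
    findings = {}
    for key in wanted:
        target = redirects.get(key)
        if target is None:
            findings[key] = "no redirect rule"
        elif target <= PRIVILEGED_MAX:
            findings[key] = f"redirects to {target}, which is still privileged"
        else:
            findings[key] = f"ok -> {target}"
    return findings


if __name__ == "__main__":
    wanted = [("tcp", 443), ("tcp", 80), ("tcp", 21), ("tcp", 990)]
    for (proto, port), result in audit(SAMPLE_NAT_TABLE, wanted).items():
        print(f"{proto}/{port}: {result}")
```

The check only covers the redirect rules themselves; it does not confirm that a Gateway listen port is actually configured on each target port.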

Additional Information: 

The following discussion gives some of the background on why the privileged ports are limited to 1024.

https://www.staldal.nu/tech/2007/10/31/why-can-only-root-listen-to-ports-below-1024/