转自:新のBlog(http://xinwo.sinaapp.com/program-can-not-listen-port/)
今天折腾apache正向代理,需要把代理端口单独分离出来。首先选择82,只是调试而已。嗯嗯…启动后就报奇葩错误了:
(13)Permission denied: make_sock: could not bind to address [::]:82
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:82
no listening sockets available, shutting down
这啥奇葩情况?没遇到过啊。因为昨天才在另一台弄来着,半信半疑执行下netstat -anp|grep 82,结果…
unix 6 [ ] DGRAM 5827 1871/syslogd /dev/log
好吧我终于想起了1024以下端口不能随便用,我换…换8282总行了吧?结果…
(13)Permission denied: make_sock: could not bind to address [::]:8282
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:8282
no listening sockets available, shutting down
(13)Permission denied: make_sock: could not bind to address [::]:32323
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:32323
no listening sockets available, shutting down
我勒个去,坑爹也不带这么坑的啊!iptables确定关了,再netstat -anp|grep 32323、netstat -anp|grep 8282确定没程序占用这2个端口。只好无助地求助万能的google,结果就是这台机器启用了selinux,需要把端口加进规则里,否则不放行。据说selinux是加固系统用的,系统本来就很安全了加上这个总感觉像win7加了UAC一样蛋疼。没辙,懒得关了,关了还得重启,查查怎么用吧。
首先用semanage port -l | grep http列出全部http相关的端口规则:
http_cache_port_t tcp 3128, 8080, 8118, 11211, 10001-10010
http_cache_port_t udp 3130, 11211
http_port_t tcp 80, 443, 488, 8008, 8009, 8443
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
好吧原来还有8008、8009、8443这几个没见过的端口,不管了先加上自己的,执行semanage port -a -t http_port_t -p tcp 32323,然后apache满血原地复活!~
感谢这位博主提供命令:http://www.zzxj.net/blog/fxs_2008/archive/2010/07/05/187.html
最后带上semanage的用法,有空学学:http://hi.baidu.com/leowang715/blog/item/021bf91330489545f819b8b2.html
an9
8443是虚拟主机控制面板PLESK的端口。
ovear 回复给 an9
soka,原来如此,谢谢了
jim
刚也搞了一个小时,和楼主同样的问题,centos用了selinux,要用semanage命令才能搞定。
ovear 回复给 jim
~能帮上忙真是太好了