Hello, I'm having a interresting SELinux problem that I can't figure out how to solve. The context: This is on a server running in our DMZ and it is providing file transfer services to our client using different protocols. The machine has a system IP and a service IP. The service IP is used to receive all customer traffic (a external IP is NAT'ed to the service IP by the firewall). The system IP is used by us to do all management. We first setup FTPS access over the regular FTP ports, but as most of you know FTP is not the most firewall friendly protocol because the need of a seperate data channel and using encryption prevents firewalls to open up the needed port automatically. Se we also started to setup SFTP access to the same repository. We initially tried to do this using the regular OpenSSH setup, but the way OpenSSH does chroot'ing (we enable chroot in all setups) is not compatible with the way we have setup our data repository. So we switched to using ProFTPD for the SFTP service. This of course means that we have bind OpenSSH to the internal system IP on port 22 and ProFTPD to the service IP also on port 22. The problem: The problem is that I cannot get SELinux to allow the use of port 22 by these 2 daemons which run under different types (sshd_t & ftpd_t). I can use the semanage command to allow one type to use port 22, but not both at the same time. I use this command: semanage port -m -t ssh_port_t -p tcp 22 Since this is a system accessible on the internet and because of the protocols used I ofcourse do not want to disable SELinux here. So how can I allow SELinux to let both openssh and proftpd use port 22 at the same time? Thank you, Tim -- Tim Verhoeven - tim.verhoeven.be@xxxxxxxxx - 0479 / 88 11 83 Hoping the problem magically goes away by ignoring it is the "microsoft approach to programming" and should never be allowed. (Linus Torvalds) -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
