I needed to set up a daemon for a service that’s in the low 1024 ports reserved for root on FreeBSD. However, I didn’t want to run the service as root. Instead, I set up pf (the firewall in BSDs) to simply redirect the port.
If you haven’t already, make sure pf is enabled; check the handbook page for how to do that. In this case, it’s just a matter of running:
The default location of
/etc/pf.conf is fine.
I took this example from the manual page for
pf.conf; I’m merely posting this for the sake of search engines. The following example is trivial;
ext_if is a variable for the interface to perform the mangling for, 119 is the privileged port I wanted to redirect, and 1119 is the target port.
ext_if = "vtnet0" rdr on $ext_if proto tcp from any to any port 119 -> 127.0.0.1 port 1119
Reload the pf rules, or start pf if you haven’t already. (Again, see the handbook. You’ll want to refer to it often.)