Mailing List Archive



Re: [tlug] get free local port for script?



Edward Wright writes:

 > My understanding is that when you make a (in this case) tcp connection
 > to a remote host, a port is assigned on the local host in some sequence
 > order.... therefore, I would think that at any given time, any given
 > port could be in use. Am I missing something?

No, I was.  :-)  I thought that the connection portspace is separate
from the listener portspace by construction.  It's not, as a careful
reading of ip(7) reveals.  Fortunately, it turns out my suggestion
will Work For You, although for a different reason.

From section SYSCTLS of ip(7):

   ip_local_port_range
      Contains two integers that define the default local  port  range
      allocated  to  sockets.  Allocation starts with the first number
      and ends with the second number.  Note  that  these  should  not
      conflict  with the ports used by masquerading (although the case
      is handled).  Also arbitrary choices  may  cause  problems  with
      some  firewall  packet  filters  that make assumptions about the
      local ports in use.  First number should be at least >1024, bet-
      ter >4096 to avoid clashes with well known ports and to minimize
      firewall problems.

and the default setting (Gentoo, Linux 2.6.20) is

$ cat /proc/sys/net/ipv4/ip_local_port_range
32768	61000
$ 

We be golden, methinks.
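
An added example, not part of the original post: a script can read the ephemeral range described above and take a listener port outside it, keeping the bound socket so nothing else can claim the port between the check and the use. It assumes Python 3; the function names and the candidate range 20000-20049 are illustrative choices, and the fallback range is the default quoted in the post.

```python
import socket

PROC_PATH = "/proc/sys/net/ipv4/ip_local_port_range"
PAGE_DEFAULT = (32768, 61000)  # default quoted in the post; used if /proc is unreadable

def parse_port_range(text):
    """Parse the two whitespace-separated integers of ip_local_port_range."""
    fields = text.split()
    if len(fields) != 2:
        raise ValueError("expected two integers, got %r" % text)
    low, high = int(fields[0]), int(fields[1])
    if not 0 < low <= high <= 65535:
        raise ValueError("implausible port range %d-%d" % (low, high))
    return low, high

def read_port_range(path=PROC_PATH):
    """Return the kernel's local port range, or PAGE_DEFAULT on failure."""
    try:
        with open(path) as fh:
            return parse_port_range(fh.read())
    except (OSError, ValueError):
        return PAGE_DEFAULT

def is_ephemeral(port, port_range):
    low, high = port_range
    return low <= port <= high

def bind_listener(candidates, port_range, host="127.0.0.1"):
    """Bind the first usable candidate and return (listening_socket, port)."""
    # Skip privileged ports and anything the kernel may hand out to outgoing
    # connections; return the socket itself rather than a bare port number.
    for port in candidates:
        if port < 1024 or is_ephemeral(port, port_range):
            continue
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
        except OSError:  # already taken by another listener
            sock.close()
            continue
        sock.listen(1)
        return sock, port
    raise RuntimeError("no candidate port could be bound")

if __name__ == "__main__":
    port_range = read_port_range()
    sock, port = bind_listener(range(20000, 20050), port_range)
    print("listening on", port, "ephemeral range is", port_range)
    sock.close()
```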


