A little question in the config chapter (handbook)

A little question in the config chapter (handbook)

Marco Trentini

While reading the chapter I came across this section:

.....
      <sect3>
        <title><varname>net.inet.ip.portrange.*</varname></title>

        <indexterm>
          <primary>net.inet.ip.portrange.*</primary>
        </indexterm>

        <para>The <varname>net.inet.ip.portrange.*</varname> sysctl
          variables control the port number ranges automatically bound to TCP
          and UDP sockets.  There are three ranges: a low range, a default
          range, and a high range.  Most network programs use the default
          range which is controlled by the
          <varname>net.inet.ip.portrange.first</varname> and
          <varname>net.inet.ip.portrange.last</varname>, which default to
          1024 and 5000, respectively.  Bound port ranges are used  for
          outgoing connections, and it is possible to run the system out of
          ports under certain circumstances.  This most commonly occurs
          when you are running a heavily loaded web proxy.  The port range
          is not an issue when running servers which handle mainly incoming
          connections, such as a normal web server, or has a limited number
          of outgoing connections, such as a mail relay.  For situations
          where you may run yourself out of ports, it is recommended to
          increase <varname>net.inet.ip.portrange.last</varname> modestly.
          A value of <literal>10000</literal>, <literal>20000</literal> or
          <literal>30000</literal> may be reasonable.  You should also
          consider firewall effects when changing the port range.  Some
          firewalls may block large ranges of ports (usually low-numbered
          ports) and expect systems to use higher ranges of ports for
          outgoing connections &mdash; for this reason it is recommended that
          <varname>net.inet.ip.portrange.first</varname> be lowered.</para>
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      </sect3>
.....

The question is about the last sentence of this section ("Some
firewalls may block ...."). Why should net.inet.ip.portrange.first
be lowered when some firewalls in general may block
ranges of low-numbered ports? I think it should be increased,
or not?

--
Marco Trentini                [hidden email]
http://www.remotelab.org/
pgp public key at:
http://www.remotelab.org/~mark/share/mark.asc
Key fingerprint = 2EBB 1F84 0FE4 FDB2 A40A  D8DC B487 6AAD D755 239D
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "[hidden email]"
Re: A little question in the config chapter (handbook)

Alex Dupre
Marco Trentini wrote:
> The question is about the last sentence of this section ("Some
> firewalls may block ...."). Why should net.inet.ip.portrange.first
> be lowered when some firewalls in general may block
> ranges of low-numbered ports? I think it should be increased,
> or not?

Not increased and not lowered. It is recommended to 'not' touch it and
in particular to 'not' lower it. Fixed, thanks!

--
Alex Dupre
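
The port-range point discussed in this thread, as an added example that is not part of either message or of the Handbook: a POSIX shell function that counts how many automatically bound ports remain usable when a firewall blocks low-numbered source ports. The values 1024, 5000 and 10000 come from the quoted Handbook text; the blocked range 0-2047 and the lowered value 512 are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a FreeBSD host the range would be read with
#   sysctl -n net.inet.ip.portrange.first
#   sysctl -n net.inet.ip.portrange.last
# Here the Handbook defaults are passed in so the script runs offline.

# usable_ports FIRST LAST "LO-HI LO-HI ..."
# Prints how many ports in [FIRST,LAST] fall outside the blocked ranges.
# Assumption: the blocked ranges do not overlap each other.
usable_ports() {
    first=$1
    last=$2
    total=$((last - first + 1))
    for r in $3; do
        lo=${r%-*}
        hi=${r#*-}
        # Clip the blocked range to the bind range before subtracting.
        if [ "$lo" -lt "$first" ]; then lo=$first; fi
        if [ "$hi" -gt "$last" ]; then hi=$last; fi
        if [ "$lo" -le "$hi" ]; then
            total=$((total - (hi - lo + 1)))
        fi
    done
    echo "$total"
}

# blocked_ports FIRST LAST "RANGES": ports in the bind range the firewall drops.
blocked_ports() {
    echo $(( ($2 - $1 + 1) - $(usable_ports "$1" "$2" "$3") ))
}

BLOCKED="0-2047"   # constructed firewall policy: low-numbered ports blocked

# Scenarios: Handbook defaults, a lowered "first", and a raised "last".
for range in "1024 5000" "512 5000" "1024 10000"; do
    set -- $range
    echo "first=$1 last=$2 usable=$(usable_ports "$1" "$2" "$BLOCKED")" \
         "blocked=$(blocked_ports "$1" "$2" "$BLOCKED")"
done
```

With this constructed policy, lowering the first port adds only blocked ports to the range, while raising the last port is what increases the usable count.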