Date: Mon, 26 Apr 2004 20:42:58 +0200 From: Andre Oppermann <andre@freebsd.org> To: Mike Silbersack <silby@silby.com> Cc: Mike Tancsa <mike@sentex.net> Subject: Re: cvs commit: src/sys/netinet in_pcb.c Message-ID: <408D5832.83F3B979@freebsd.org> References: <200404232331.i3NNVsXV094917@repoman.freebsd.org> <20040423220212.C1915@odysseus.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Silbersack wrote: > > On Fri, 23 Apr 2004, Mike Tancsa wrote: > > > Hi, thanks for this commit. I notice, > > > > net.inet.ip.portrange.lowfirst: 1023 > > net.inet.ip.portrange.lowlast: 600 > > net.inet.ip.portrange.first: 1024 > > net.inet.ip.portrange.last: 5000 > > net.inet.ip.portrange.hifirst: 49152 > > net.inet.ip.portrange.hilast: 65535 > > net.inet.ip.portrange.randomized: 1 > > > > > > How are the ranges allocated to applications ? A quick test of 30 > > sequential outbound connections to another box on port 25 shows all > > allocations in the 1024 to 5000 range. Is this the way it is supposed to > > be ? Also, is there any caveats about moving that range from say 4000 to > > 20000 ? > > > > ---Mike > > The randomization is within the selected range, not randomization between > ranges. > > You can change the first -> last range to anything you like, as long as > you stay above 1024. The RFCs say to use 49152->65535, but some OSes use > 1024->32768, some use 32768->65535, so anything you pick will be equally > ok. :) We should change our defaults for first/last form the very limited space to something much larger: net.inet.ip.portrange.first: 1024 -> 1024 net.inet.ip.portrange.last: 5000 -> 49151 At least OpenBSD has it this big for quite some time. AFAIK NetBSD too. > Ignore the hifirst/hilast range, that's really only used by ftpd, it was a > way to give ftpd a larger range of ports without changing first/last. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?408D5832.83F3B979>