Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 02 Dec 2014 15:13:23 -0500
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        "FreeBSD Questioner" <freebsd-questions@gmx.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Reserving localhost port numbers
Message-ID:  <44d281ajz0.fsf@be-well.ilk.org>
In-Reply-To: <trinity-2843f6bc-834a-464e-a671-a16327e982ae-1417549546056@3capp-mailcom-lxa06> (FreeBSD Questioner's message of "Tue, 2 Dec 2014 20:45:46 %2B0100")
References:  <trinity-2843f6bc-834a-464e-a671-a16327e982ae-1417549546056@3capp-mailcom-lxa06>
next in thread | previous in thread | raw e-mail | index | archive | help 
"FreeBSD Questioner" <freebsd-questions@gmx.com> writes:

> This question is regarding a networking scheme, utilizing multiple
> remote sensor systems in the field, which connect to a central freebsd
> server via ssh.
>
> When making these connections, the remote field systems "reverse
> tunnel" certain listening ports to the server via the ssh -R
> parameter.

Ouch. That's pretty ugly, and (because you'll be running TCP over TCP)
may not perform well. You might want to consider an architecture with an
intermediary agent on the central server instead.

> Since there are multiple field systems, each one has a unique offset
> to which to map it's listening ports, when tunneling them to the
> central server. This prevents multiple field systems from attempting
> to listen on the same port number on the central server.
>
> My question involves these listening port numbers on the central freebsd server: 
>
> Is there a way to reserve a block of port numbers, preventing them
> from being used as "ephemeral" ports, by other network traffic on the
> central server?
>
> It would be desirable to reserve a block of 10000 or so ports, anywhere above the 1024 "privileged port" range.
>
> Thank you for any suggestions or references that may shed light on
> managing the networking stack's allocation of localhost port numbers.

Are the sysctls in the net.inet.ip.portrange. set what you're looking for?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44d281ajz0.fsf>