Hi everyone, I am trying to get my firewall rules tighter, and the question is defining the ip_local_port_range, which is currently >1024 <5000. man ip refers to this part as "first number >1024 better >4096 to avoid clashes with well known ports and to minimize problems". 1) How do you define the upper limit to be a controlled number? 2) By adjusting this range to begin >4096, I understand the benefit with the well-known ports, yet the minimization of problems is unclear to me; can I have a basic layman's-level elaboration on this part? -- Togan Muftuoglu
Hi,
* Markus Gaugusch <markus@gaugusch.dhs.org> on 22 Aug, 2001 wrote:
> better use >32000 and <61000, this is also default for linux 2.4.x
Also for a firewall machine serving a masqueraded net?
Well, I was trying to ask if there was math behind it :-) Thx -- Togan Muftuoglu
I know that the Linux implementation of NFS uses port 2049. So on my Solaris machines I have to set tcp_smallest_nonpriv_port to 2050. I never did understand why it ran NFS, which should be on a privileged port, on a high port. So there is another reason to protect ports <2050. -- James F. Wilkus <t f l a t @ a s t r o c r e e p . n e t> *nix SysAdmin, 'rewt shells are sweet.' http://astrocreep.net || irc.openprojects.net #tflat &geek if $tflat; PGP FingerPrint: E087 9CB8 5516 311D FD8C 14C8 9765 76B4 7A25 1E76
participants (4): James F Wilkus, listuser@seifried.org, Markus Gaugusch, Togan Muftuoglu