Hi everyone,

I am trying to get my firewall rules tighter, and the question is defining the ip_local_port_range, which is currently >1024 <5000. man ip refers to this part as "first number >1024 better >4096 to avoid clashes with well known ports and to minimize problems".

1) How do you define the upper limit to be in a controlled number?

2) By adjusting this range to begin >4096, I understand the benefit with the well known ports, yet the minimization of the problems is unclear to me. Can I have a basic layman's level elaboration on this part?

--
Togan Muftuoglu
> man ip refers this part as "first number >1024 better >4096 to avoid clashes with well known ports and to minimize problems"

Better use >32000 and <61000; this is also the default for Linux 2.4.x. There are some ports above 4096 (like 6000 for X windows and 580x for VNC) which fall into the "known ports" category.

> 1) How do you define the upper limit to be in controlled number ?

echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

hth
Markus

--
Markus Gaugusch   ICQ 11374583
markus@gaugusch.dhs.org
ASCII Ribbon Campaign Against HTML Mail
Hi,

* Markus Gaugusch;
> better use >32000 and <61000, this is also default for linux 2.4.x

Also for a firewall machine serving a masqueraded net?

> which fall into the "known ports" category

> 1) How do you define the upper limit to be in controlled number ?
> echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

Well, I was trying to ask if there was math behind it :-)

Thx
--
Togan Muftuoglu
I know that the linux implementation of NFS uses port 2049. So on my
solaris machines I have to set the tcp_smallest_nonpriv_port to 2050.
I never did understand why it ran NFS, which should be on a privileged
port, on a high port.
So there is another reason to protect ports <2050.
--
James F. Wilkus
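The two replies above make the same point from different directions: Markus notes that X11 (6000) and VNC (580x) sit above 4096, and James notes that Linux NFS sits at 2049, so an ephemeral range that starts at 1025 or 4097 will hand those ports to outbound connections and collide with listening services (or, on a firewall, with rules that assume those ports are only ever servers). The following script is an added example, not something posted in the thread: it checks a proposed `ip_local_port_range` against a constructed list of the service ports the thread mentions before writing it to /proc. The function names (`check_local_port_range`, `apply_local_port_range`) and the `KNOWN_PORTS` list are assumptions for illustration; on a real host the list should be filled from whatever actually listens on the box.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): sanity-check a proposed
# ip_local_port_range against listening ports mentioned in the thread
# (NFS 2049, VNC 5800-5809, X11 6000) before writing it to /proc.

# Constructed list of service ports the ephemeral range must not cover.
# Entries are "single" or "low-high". Hypothetical; fill from real listeners.
KNOWN_PORTS="2049 5800-5809 6000"

# check_local_port_range LOW HIGH
# Prints one line per problem found and returns the number of problems,
# so a return value of 0 means the range is acceptable.
check_local_port_range() {
    low=$1; high=$2; problems=0

    if [ "$low" -le 1024 ]; then
        echo "low end $low overlaps privileged ports (<=1024)"
        problems=$((problems+1))
    fi
    if [ "$high" -le "$low" ]; then
        echo "high end $high must be greater than low end $low"
        problems=$((problems+1))
    fi
    if [ "$high" -gt 65535 ]; then
        echo "high end $high exceeds 65535"
        problems=$((problems+1))
    fi

    for entry in $KNOWN_PORTS; do
        case $entry in
            *-*) s=${entry%-*}; e=${entry#*-} ;;   # "5800-5809" -> 5800 .. 5809
            *)   s=$entry;      e=$entry ;;        # single port
        esac
        # Two ranges overlap when each starts at or before the other ends.
        if [ "$s" -le "$high" ] && [ "$e" -ge "$low" ]; then
            echo "range $low-$high covers service port(s) $entry"
            problems=$((problems+1))
        fi
    done

    return $problems
}

# apply_local_port_range LOW HIGH
# Writes the range to /proc only when the check passes (needs root on Linux).
apply_local_port_range() {
    check_local_port_range "$1" "$2" || return 1
    echo "$1 $2" > /proc/sys/net/ipv4/ip_local_port_range
}

# Usage: the thread's original 1025-5000 range fails on NFS, the 2.4.x
# default 32768-61000 passes.
# check_local_port_range 1025 5000
# apply_local_port_range 32768 61000
```

The check is deliberately done before the write: once the kernel is handed a range that covers 2049 or 6000, an ordinary outbound connection can be assigned one of those source ports, and a firewall rule written on the assumption that "2049 only ever appears as a destination" no longer holds. That is the practical meaning of "to minimize problems" in the man page quote.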