Re: Dynamic TCP reserved ports allocated in which range?

From: Jamie Lokier (ln@tantalophile.demon.co.uk)
Date: Wed Apr 25 2001 - 07:43:38 EST


Dr. Michael Weller wrote:
> For a firewall setup I need to know in which range applications like
> rsh, or better yet the rresvport() libc function allocate reserved ports.
>
> Do I have to expect ports in the whole 1..1024 range (maybe omitting those
> already in use by other servers) or is only a limited range used (like
> 512-1023).

This isn't a kernel question as the allocation is handled entirely by
userspace. Userspace tries each port in turn until it finds one that
isn't used at the moment.

The non-privileged local port range can be read from and written to
/proc/sys/net/ipv4/ip_local_port_range, but that's not your question.

The man page for rresvport() says:

     The rresvport() function is used to obtain a socket with a
     privileged address bound to it. This socket is suitable for use by
     rcmd() and several other functions. Privileged Internet ports are
     those in the range 0 to 1023. Only the super-user is allowed to
     bind an address of this sort to a socket.

For a firewall, you should probably distinguish these ports from fixed
services ports (like ssh and smtp) by having different rules for
Outgoing and Incoming connections. This is done by matching on the TCP
SYN and ACK flags (see any firewall tutorial).

enjoy,
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org



This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:29 EST