On Tue, 22 Oct 2002, Marc G. Fournier wrote:

> Just a quick question ... how does the OS determine the 'source port' when
> connecting to a remote site? is it reasonably safe to assume that the
> lower of the two ports is the dest port? for instance, if I try to telnet
> to a remote site where the remote site is running a service on port 6667,
> is it a pretty safe bet that FreeBSD will pick a port >6667 to go out on?
> or is there an equal chance of it being lower?
The ephemeral port range used for source ports on outbound connects is
controllable through sysctl:

net.inet.ip.portrange.first: 49152
net.inet.ip.portrange.last: 65535

And different between -stable and -current. (-stable uses the values 1024
through 5000.) Note also that there is a hifirst->hilast range as well,
which is used by ftp and some other apps.

You would be very wise to not create any firewall rules which depended on
there being any relation between the ephemeral ports and whatever you are
connecting to. (In addition, there's nothing stopping a program from
picking a port 1024 < x < 65535 of its own choosing.)

Mike "Silby" Silbersack
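As an added illustration (not part of the thread) of why a firewall rule must not assume the source port is the higher of the two, the script below runs a listener on 127.0.0.1 standing in for the remote service and connects to it twice: once letting the kernel pick an ephemeral source port, once with the client binding an explicit source port first. The candidate source ports 20000-20009 and the loopback addresses are constructed for this demonstration.

```python
import socket
import threading

def _accept_once(listener, seen):
    """Accept a single connection and record the client port the server sees."""
    conn, (_, peer_port) = listener.accept()
    seen.append(peer_port)
    conn.close()

def bind_first_free(sock, candidates):
    """Bind sock to the first free port among candidates (explicit source port)."""
    for port in candidates:
        try:
            sock.bind(("127.0.0.1", port))
            return port
        except OSError:
            continue
    raise RuntimeError("no free candidate source port")

def connect_and_observe(source_ports=None):
    """Return (server_port, client_port_as_seen_by_server).

    With source_ports=None the kernel assigns an ephemeral source port; with an
    iterable of candidates the client binds one of them before connect(), which
    is what 'a program picking a port of its own choosing' looks like.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))          # port 0: kernel picks a free port
    listener.listen(1)
    listener.settimeout(5.0)                 # never hang forever on accept()
    server_port = listener.getsockname()[1]
    seen = []
    t = threading.Thread(target=_accept_once, args=(listener, seen))
    t.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if source_ports is not None:
        bind_first_free(client, source_ports)
    client.connect(("127.0.0.1", server_port))
    t.join()
    client.close()
    listener.close()
    if not seen:
        raise RuntimeError("server never saw the connection")
    return server_port, seen[0]

def lower_port_is_destination(server_port, client_port):
    """The assumption from the question: is the source port always the higher one?"""
    return client_port > server_port

if __name__ == "__main__":
    for label, cands in (("ephemeral", None), ("explicit", range(20000, 20010))):
        srv, cli = connect_and_observe(cands)
        print(f"{label}: client {cli} -> server {srv}, "
              f"assumption holds: {lower_port_is_destination(srv, cli)}")
```

The explicit case connects from a source port below the server's port, so a rule keyed on "source port is the higher one" would misclassify the connection.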