Help me understand something, please. In SuSE 10 I see:

> cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000

However with VSFTP I seem to be using an ephemeral port outside that
range:

Finding Host whatever.ca.com ...
Connecting to 123.123.123.123:21
Connected to 123.123.123.123:21 in 0.203093 seconds, Waiting for Server
Response
220 "This is CA service."
Host type (1): Automatic detect
USER anonymous
331 Please specify the password.
PASS (hidden)
230 Login successful.
SYST
215 UNIX Type: L8
Host type (2): UNIX (standard)
PWD
257 "/"
CWD /
250 Directory successfully changed.
PWD
257 "/"
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (123,123,123,123,120,134)
connecting data channel to 123.123.123.123:120,134(30854)
data channel connected to 123.123.123.123:120,134(30854)
LIST
150 Here comes the directory listing.
transferred 955 bytes in < 0.001 seconds, 7460.938 Kbps ( 932.617 KBps),
transfer succeeded.
226 Directory send OK.

I did -not- encode these records in VSFTP's configuration, as I thought
TCP/IP's limits would be in effect.

pasv_max_port
The maximum port to allocate for PASV style data connections. Can be
used to specify a narrow port range to assist firewalling.
Default: 0 (use any port)

pasv_min_port
The minimum port to allocate for PASV style data connections. Can be
used to specify a narrow port range to assist firewalling.
Default: 0 (use any port)

My question is this: Why are the TCP/IP limits on the ephemeral ports
not enforced?
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
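
Added example, not part of the original post: a small check that decodes the data port from the 227 reply in the session above (120*256 + 134 = 30854) and compares it with both the kernel range and a pasv_min_port/pasv_max_port window. ip_local_port_range only governs ports the kernel picks on its own; a server that binds a specific port is not constrained by it. The function names are hypothetical, and treating the default 0 ("use any port") as 1-65535 is an assumption.

```python
import re

# Values copied from the post above; the checking logic is illustrative.
KERNEL_RANGE = "32768 61000"  # /proc/sys/net/ipv4/ip_local_port_range
PASV_REPLY = "227 Entering Passive Mode (123,123,123,123,120,134)"

_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a 227 reply; port = p1 * 256 + p2."""
    match = _PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field larger than 255 in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_range(text):
    """Parse the 'low high' pair as printed by the /proc file."""
    low, high = (int(field) for field in text.split())
    return low, high


def audit(reply, kernel_range, pasv_min_port=0, pasv_max_port=0):
    """Report where the advertised data port falls.

    A port outside the pasv window means the server is not honouring the
    range a firewall rule would have been written for.
    """
    host, port = parse_pasv(reply)
    k_low, k_high = parse_range(kernel_range)
    # Assumption: 0 ("use any port") is modelled as the full 1-65535 space.
    p_low = pasv_min_port or 1
    p_high = pasv_max_port or 65535
    return {
        "host": host,
        "port": port,
        "in_kernel_ephemeral_range": k_low <= port <= k_high,
        "in_pasv_window": p_low <= port <= p_high,
    }


if __name__ == "__main__":
    print(audit(PASV_REPLY, KERNEL_RANGE))
    # Same reply checked against a constructed, narrow firewall window.
    print(audit(PASV_REPLY, KERNEL_RANGE, 50000, 50100))
```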