On Wed, 20 Mar 2002, fooler wrote:
>
> i would like to add to this..... root or non-root, it will usually use the
> *ephemeral* ports (short-lived ports usually in the range from 1024 to 5000)
> as source port
>
the ephemeral ports depend on what unix box you're using.
there is no real standard except that unix implementations gear towards
assigning ports from 1024 to 65535 for any process. and that only
root processes 'explicitly' asking for a lower port are granted source
ports lower than 1024.
fortunately on linux you have full control on this vague issue by
peeking/poking values at
/proc/sys/net/ipv4/ip_local_port_range (a sysctl variable).
the defaults are:
on linux 2.2, it's between 1024 to 4999.
on linux 2.4, it's between 32768 to 61000.
so if you really want a tightly controlled source-port-to-firewall setup
on linux, redefine ip_local_port_range.
cheers!
pong
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
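
The check the message above points to, as an added example that is not part of the original post: it parses the contents of ip_local_port_range and tests whether that range fits inside the source-port window a firewall rule allows. The function names (`parse_range`, `covered`, `audit`) and the 1024-5000 firewall window are assumptions for illustration; the sample values are the two kernel defaults quoted in the message.

```shell
#!/bin/sh
# Added example: does this host's ephemeral port range fit the source-port
# window a firewall rule permits? Function names are hypothetical.

RANGE_FILE=/proc/sys/net/ipv4/ip_local_port_range

# parse_range "<low> <high>": print "low high"; fail on malformed input.
parse_range() {
    # The proc file separates the two numbers with a tab; read splits on both.
    read -r lo hi extra <<EOF
$1
EOF
    [ -n "$hi" ] && [ -z "$extra" ] || return 1
    case "$lo$hi" in *[!0-9]*) return 1 ;; esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    echo "$lo $hi"
}

# covered <lo> <hi> <fw_lo> <fw_hi>: true when every ephemeral port is allowed.
covered() { [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]; }

# audit "<range text>" <fw_lo> <fw_hi>
# Exit status: 0 = range fits, 1 = range falls outside the rule, 2 = bad input.
audit() {
    r=$(parse_range "$1") || { echo "unparseable"; return 2; }
    set -- $r "$2" "$3"
    if covered "$1" "$2" "$3" "$4"; then
        echo "ok $1-$2"
    else
        echo "mismatch $1-$2 not within $3-$4"
        return 1
    fi
}

# Constructed samples: the 2.2 and 2.4 defaults from the message, checked
# against an assumed firewall rule written for source ports 1024-5000.
for sample in "1024 4999" "32768 61000"; do
    audit "$sample" 1024 5000 || true
done

# On a live Linux host:   audit "$(cat "$RANGE_FILE")" 1024 5000
# To redefine the range (as root):
#   sysctl -w net.ipv4.ip_local_port_range="1024 4999"
```

A firewall rule written for the 2.2-era range reports a mismatch on a 2.4 default, which is the case where outbound connections get dropped until either the rule or ip_local_port_range is changed.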