Re: Dynamic TCP reserved ports allocated in which range?

Jamie Lokier (ln@tantalophile.demon.co.uk)
Wed, 25 Apr 2001 14:43:38 +0200


Dr. Michael Weller wrote:
> For a firewall setup I need to know in which range applications like
> rsh, or better yet the rresvport() libc function allocate reserved ports.
>
> Do I have to expect ports in the whole 1..1024 range (maybe omitting those
> already in use by other servers) or is only a limited range used (like
> 512-1023).

This isn't a kernel question as the allocation is handled entirely by
userspace. Userspace tries each port in turn until it finds one that
isn't used at the moment.

The non-privileged local port range can be read from and written to
/proc/sys/net/ipv4/ip_local_port_range, but that's not your question.

The man page for rresvport() says:

The rresvport() function is used to obtain a socket with a
privileged address bound to it. This socket is suitable for use by
rcmd() and several other functions. Privileged Internet ports are
those in the range 0 to 1023. Only the super-user is allowed to
bind an address of this sort to a socket.

For a firewall, you should probably distinguish these ports from fixed
services ports (like ssh and smtp) by having different rules for
Outgoing and Incoming connections. This is done by matching on the TCP
SYN and ACK flags (see any firewall tutorial).

enjoy,
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/