Date: Sun, 6 Nov 2005 12:32:30 +0100
From: Marco Trentini
To: freebsd-doc@freebsd.org
Subject: A little question in the config chapter (handbook)

While reading the chapter I came across this section:

.....
<varname>net.inet.ip.portrange.*</varname>

The net.inet.ip.portrange.* sysctl variables control the port number
ranges automatically bound to TCP and UDP sockets. There are three
ranges: a low range, a default range, and a high range. Most network
programs use the default range which is controlled by the
net.inet.ip.portrange.first and net.inet.ip.portrange.last, which
default to 1024 and 5000, respectively. Bound port ranges are used for
outgoing connections, and it is possible to run the system out of ports
under certain circumstances. This most commonly occurs when you are
running a heavily loaded web proxy. The port range is not an issue when
running servers which handle mainly incoming connections, such as a
normal web server, or has a limited number of outgoing connections,
such as a mail relay. For situations where you may run yourself out of
ports, it is recommended to increase net.inet.ip.portrange.last
modestly. A value of 10000, 20000 or 30000 may be reasonable. You
should also consider firewall effects when changing the port range.
Some firewalls may block large ranges of ports (usually low-numbered
ports) and expect systems to use higher ranges of ports for outgoing
connections — for this reason it is
recommended that net.inet.ip.portrange.first be lowered.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
.....

The question is about the last sentence of this section ("Some firewalls
may block ...."). Why should net.inet.ip.portrange.first be lowered
when some firewall in general may block ranges of low-numbered ports?
I think it should be increased, or not?

-- 
Marco Trentini
mark@remotelab.org
http://www.remotelab.org/
pgp public key at: http://www.remotelab.org/~mark/share/mark.asc
Key fingerprint = 2EBB 1F84 0FE4 FDB2 A40A D8DC B487 6AAD D755 239D
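
Added example, not part of the original message or of the Handbook: a small POSIX shell calculation of how many outgoing ports remain usable when a firewall filters part of the range set by net.inet.ip.portrange.first and net.inet.ip.portrange.last. The function names and the blocked range 1-2047 are constructed for illustration; 1024 and 5000 are the defaults quoted in the section above.

```shell
#!/bin/sh
# Added example. On a FreeBSD host the live bounds can be read with
#   sysctl -n net.inet.ip.portrange.first
#   sysctl -n net.inet.ip.portrange.last
# Here they are passed as arguments so the script runs anywhere.

# overlap A_LO A_HI B_LO B_HI
# Prints how many ports the two inclusive ranges have in common.
overlap() {
    lo=$1
    if [ "$3" -gt "$lo" ]; then lo=$3; fi
    hi=$2
    if [ "$4" -lt "$hi" ]; then hi=$4; fi
    if [ "$hi" -ge "$lo" ]; then
        echo $((hi - lo + 1))
    else
        echo 0
    fi
}

# usable_ports FIRST LAST [LO-HI ...]
# Prints the number of ports in FIRST..LAST that fall outside every
# blocked LO-HI range. Assumption: blocked ranges do not overlap each other.
usable_ports() {
    first=$1
    last=$2
    shift 2
    total=$((last - first + 1))
    for r in "$@"; do
        blocked=$(overlap "$first" "$last" "${r%-*}" "${r#*-}")
        total=$((total - blocked))
    done
    echo "$total"
}

# Constructed firewall policy: source ports 1-2047 are dropped outbound.
echo "defaults 1024-5000, unfiltered:   $(usable_ports 1024 5000)"
echo "defaults, 1-2047 blocked:         $(usable_ports 1024 5000 1-2047)"
echo "first lowered to 600:             $(usable_ports 600 5000 1-2047)"
echo "first raised to 2048:             $(usable_ports 2048 5000 1-2047)"
echo "last raised to 10000:             $(usable_ports 1024 10000 1-2047)"
```
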