Date: Wed, 06 Oct 2004 19:46:50 -0700
From: Sean McNeil <sean@mcneil.com>
To: Dan Nelson <dnelson@allantgroup.com>
Cc: freebsd-current@freebsd.org
Subject: Re: amd sitting on ldaps port
Message-ID: <1097117210.1089.1.camel@server>
In-Reply-To: <20041007013001.GH3848@dan.emsphone.com>
References: <1097095438.1208.7.camel@server> <1097102594.1805.4.camel@server> <20041007013001.GH3848@dan.emsphone.com>

On Wed, 2004-10-06 at 18:30, Dan Nelson wrote:
> In the last episode (Oct 06), Sean McNeil said:
> > On Wed, 2004-10-06 at 13:59, Dan Nelson wrote:
> > > In the last episode (Oct 06), Sean McNeil said:
> > > > Looking at /etc/services it states that 636 is for ldaps, but I see that
> > > > amd is using it:
> > > >
> > > > server# sockstat | grep 636
> > > > root amd 468 5 tcp4 *:636 *:*
> > >
> > > That's just a random port rpcbind assigned to the "amd" rpc service.
> > > If you reboot I bet it'll bind to a different port. Run "rpcinfo -p
> > > localhost" to see all the local port numbers assigned to RPC clients.
> >
> > OK, but aren't there rules about rpc allowing assigned ports like that?
>
> Not as far as I know. I suppose bindresvport() could be changed to
> walk /etc/services and only use one of the 450 reserved ports not
> listed. Another alternative is to set the
> net.inet.ip.portrange.lowlast sysctl a little higher; 700 maybe.
> 600-1024 is the portrange that has been historically assigned as "local
> port numbers that root processes can use".

Great. I've added net.inet.ip.portrange.lowlast=700 to my
/etc/sysctl.conf and it worked as advertised. Thanks.

Sean
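
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it compares `rpcinfo -p` output with a services(5) file and prints each RPC service bound to a port that the file registers under a different name. The function names and the sample rows are constructed for illustration; on a live host the inputs would be `rpcinfo -p localhost` and `/etc/services`.

```shell
#!/bin/sh
# Added example; sample data below is constructed, not taken from the thread.
# Usage on a live host: rpcinfo -p localhost | rpc_port_collisions /etc/services
rpc_port_collisions() {
    awk '
        # First input: services(5) rows, "name port/proto [aliases] [# comment]".
        FNR == NR {
            sub(/#.*/, "")
            if (NF < 2) next
            if (!($2 in owner)) owner[$2] = $1
            for (i = 1; i <= NF; i++) if (i != 2) names[$2] = names[$2] " " $i
            next
        }
        # Second input: rpcinfo -p rows, "program vers proto port [service]".
        $4 ~ /^[0-9]+$/ {
            key = $4 "/" $3
            svc = (NF >= 5) ? $5 : "program-" $1
            if (!(key in owner)) next                      # port not registered
            if (index(names[key] " ", " " svc " ")) next   # registered to this service
            if (!seen[key, svc]++) print key, svc, owner[key]
        }
    ' "$1" -
}

sample_rpcinfo() {    # constructed rows in rpcinfo -p layout
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    300019    1   tcp    636  amd
    300019    1   udp    637  amd
    100005    3   tcp    855  mountd
EOF
}

sample_services() {   # constructed excerpt in services(5) layout
    cat <<'EOF'
sunrpc   111/tcp   rpcbind   # portmapper
ldaps    636/tcp   sldap     # ldap over TLS/SSL
ldaps    636/udp   sldap
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_services > "$tmp"
    sample_rpcinfo | rpc_port_collisions "$tmp"
    rm -f "$tmp"
}
demo    # prints: 636/tcp amd ldaps
```

Each output row is the port/protocol, the RPC service holding it, and the name the services file gives that port. An empty result means no RPC service currently sits on a registered port.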
