From: Sean McNeil
To: Dan Nelson
Cc: freebsd-current@freebsd.org
Subject: Re: amd sitting on ldaps port
Date: Wed, 06 Oct 2004 19:46:50 -0700

On Wed, 2004-10-06 at 18:30, Dan Nelson wrote:
> In the last episode (Oct 06), Sean McNeil said:
> > On Wed, 2004-10-06 at 13:59, Dan Nelson wrote:
> > > In the last episode (Oct 06), Sean McNeil said:
> > > > Looking at /etc/services it states that 636 is for ldaps, but I see that
> > > > amd is using it:
> > > >
> > > > server# sockstat | grep 636
> > > > root amd 468 5 tcp4 *:636 *:*
> > >
> > > That's just a random port rpcbind assigned to the "amd" rpc service.
> > > If you reboot I bet it'll bind to a different port. Run "rpcinfo -p
> > > localhost" to see all the local port numbers assigned to RPC clients.
> >
> > OK, but aren't there rules about rpc allowing assigned ports like that?
>
> Not as far as I know. I suppose bindresvport() could be changed to
> walk /etc/services and only use one of the 450 reserved ports not
> listed. Another alternative is to set the
> net.inet.ip.portrange.lowlast sysctl a little higher; 700 maybe.
> 600-1024 is the portrange that has been historically assigned as "local
> port numbers that root processes can use".

Great. I've added net.inet.ip.portrange.lowlast=700 to my
/etc/sysctl.conf and it worked as advertised.

Thanks.
Sean
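
Added example, not part of the original messages: a check that lists which /etc/services-registered ports sit inside the reserved-port pool for a given lowlast value, and which listeners in sockstat output are sitting on one. The function names, the 1023 upper bound, and the sample data other than the amd row quoted in the thread are assumptions constructed for illustration.

```python
RESERVED_HIGH = 1023  # assumption: top of the range the thread calls 600-1024

# Constructed excerpt in /etc/services format.
SERVICES = """\
ssh          22/tcp
ldaps        636/tcp   sldap   # LDAP over TLS
ldaps        636/udp   sldap
kerberos-adm 749/tcp
rsync        873/tcp
imaps        993/tcp
"""

# Constructed sockstat output; the amd row is the one quoted in the thread.
SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sshd       412   3  tcp4   *:22             *:*
root     amd        468   5  tcp4   *:636            *:*
root     rpcbind    390   9  udp4   *:111            *:*
root     ypbind     455   4  tcp4   *:1001           *:*
"""

def parse_services(text):
    """Map (port, proto) -> service name, ignoring comments and aliases."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            if port.isdigit():
                table.setdefault((int(port), proto), fields[0])
    return table

def registered_in_pool(services, lowlast, high=RESERVED_HIGH):
    """Registered ports that a reserved-port bind could be handed."""
    return sorted({p for (p, _) in services if lowlast <= p <= high})

def listeners_on_registered(sockstat, services, lowlast, high=RESERVED_HIGH):
    """Sockets inside the pool whose port /etc/services assigns to a name."""
    hits = []
    for line in sockstat.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 7:
            continue
        proto = f[4].rstrip("46")           # tcp4/tcp6/udp4 -> tcp/udp
        port = f[5].rsplit(":", 1)[-1]
        key = (int(port), proto) if port.isdigit() else None
        if key in services and lowlast <= key[0] <= high:
            hits.append((f[1], int(f[2]), proto, key[0], services[key]))
    return hits
```

On a live host, feed the functions the real /etc/services contents and the output of sockstat; a hit is a prompt for review, since the service the port is registered to may legitimately own the socket.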