From owner-freebsd-questions@FreeBSD.ORG  Tue Dec  2 20:13:29 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EB63228B
 for <freebsd-questions@freebsd.org>; Tue,  2 Dec 2014 20:13:29 +0000 (UTC)
Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173])
 by mx1.freebsd.org (Postfix) with ESMTP id C2F6FCCA
 for <freebsd-questions@freebsd.org>; Tue,  2 Dec 2014 20:13:29 +0000 (UTC)
Received: by be-well.ilk.org (Postfix, from userid 1147)
 id 94FE133C24; Tue,  2 Dec 2014 15:13:23 -0500 (EST)
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: "FreeBSD Questioner" <freebsd-questions@gmx.com>
Subject: Re: Reserving localhost port numbers
References: <trinity-2843f6bc-834a-464e-a671-a16327e982ae-1417549546056@3capp-mailcom-lxa06>
Date: Tue, 02 Dec 2014 15:13:23 -0500
In-Reply-To: <trinity-2843f6bc-834a-464e-a671-a16327e982ae-1417549546056@3capp-mailcom-lxa06>
 (FreeBSD Questioner's message of "Tue, 2 Dec 2014 20:45:46 +0100")
Message-ID: <44d281ajz0.fsf@be-well.ilk.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2014 20:13:30 -0000

"FreeBSD Questioner" <freebsd-questions@gmx.com> writes:

> This question is regarding a networking scheme, utilizing multiple
> remote sensor systems in the field, which connect to a central freebsd
> server via ssh.
>
> When making these connections, the remote field systems "reverse
> tunnel" certain listening ports to the server via the ssh -R
> parameter.

Ouch. That's pretty ugly, and (because you'll be running TCP over TCP)
may not perform well. You might want to consider an architecture with an
intermediary agent on the central server instead.

> Since there are multiple field systems, each one has a unique offset
> to which to map it's listening ports, when tunneling them to the
> central server. This prevents multiple field systems from attempting
> to listen on the same port number on the central server.
>
> My question involves these listening port numbers on the central freebsd server: 
>
> Is there a way to reserve a block of port numbers, preventing them
> from being used as "ephemeral" ports, by other network traffic on the
> central server?
>
> It would be desirable to reserve a block of 10000 or so ports, anywhere above the 1024 "privileged port" range.
>
> Thank you for any suggestions or references that may shed light on
> managing the networking stack's allocation of localhost port numbers.

Are the sysctls in the net.inet.ip.portrange. set what you're looking for?