From owner-freebsd-questions@freebsd.org Fri Nov 17 03:04:06 2017
From: Tim Daneliuk <tundra@tundraware.com>
To: Chris Gordon
Cc: javocado, freebsd-questions@freebsd.org
Date: Thu, 16 Nov 2017 21:03:57 -0600
Subject: Re: IPFW: Why can I add port numbers to established and what does that do ?
In-Reply-To: <4C321B9B-EFA1-411C-8DDB-2399FBCFF4AC@theory14.net>

On 11/16/2017 08:53 PM, Chris Gordon wrote:

> No, that is not how this works. There is no renegotiation of ports

You missed my point entirely. Socket connections to services like sshd, sendmail, and so forth only rendezvous on the well known port. The server then fork-execs itself, with the child going back to listen on the well known port and the parent and client connecting at some ephemeral point. This happens ONCE at initial connection time.

If it did not work this way, servers would be prevented from listening for more requests while they handled a single request ... they would effectively be serialized on a request-by-request basis.
-- 
----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
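As an added example (not part of this thread), the script below opens a listener on a kernel-chosen port, connects one client, and records the address tuples each side reports after accept(): the server's per-connection socket keeps the well-known port as its local port while only the client end is ephemeral, which is the 4-tuple a port-qualified ipfw rule sees on the return traffic. The port number is assumed to be whatever the kernel assigns, so it runs unprivileged on any host with loopback.

```python
import socket


def accepted_connection_tuples(host="127.0.0.1"):
    """Return the endpoint tuples seen on both sides of one accepted TCP
    connection. Constructed example: the 'well known' port is an ephemeral
    port picked by the kernel so no privileges are needed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))          # port 0: let the kernel choose
    listener.listen(1)
    well_known_port = listener.getsockname()[1]

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect((host, well_known_port))   # handshake completes here
    conn, peer = listener.accept()            # new socket for this connection

    result = {
        "listening_port": well_known_port,
        # server side of the new connection: local port is still the
        # listening port, the peer is the client's ephemeral port
        "server_local": conn.getsockname(),
        "server_peer": conn.getpeername(),
        # client side: ephemeral local port, connected to the listening port
        "client_local": client.getsockname(),
        "client_peer": client.getpeername(),
        # the listening socket stays open and keeps accepting
        "listener_port_after_accept": listener.getsockname()[1],
    }
    conn.close()
    client.close()
    listener.close()
    return result


if __name__ == "__main__":
    for k, v in accepted_connection_tuples().items():
        print(f"{k:28} {v}")
```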