From owner-freebsd-doc@freebsd.org Thu Nov 30 16:25:53 2017
From: bugzilla-noreply@freebsd.org
To: freebsd-doc@FreeBSD.org
Subject: [Bug 223997] FreeBSD Handbook Section 11.11 Guidelines on net.inet.ip.portrange obsolete
Date: Thu, 30 Nov 2017 16:25:52 +0000
X-Bugzilla-Product: Documentation
X-Bugzilla-Component: Documentation
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: freebsd-doc@FreeBSD.org
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
List-Id: Documentation project
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223997

            Bug ID: 223997
           Summary: FreeBSD Handbook Section 11.11 Guidelines on
                    net.inet.ip.portrange obsolete
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Documentation
          Assignee: freebsd-doc@FreeBSD.org
          Reporter: vmiller@hostileadmin.com

The FreeBSD Handbook[1] had this to say regarding net.inet.ip.portrange.*
sysctl variables:

“The net.inet.ip.portrange.* sysctl(8) variables control the port number
ranges automatically bound to TCP and UDP sockets. There are three ranges: a
low range, a default range, and a high range. Most network programs use the
default range which is controlled by net.inet.ip.portrange.first and
net.inet.ip.portrange.last, which default to 1024 and 5000, respectively. Bound
port ranges are used for outgoing connections and it is possible to run the
system out of ports under certain circumstances. This most commonly occurs when
running a heavily loaded web proxy. The port range is not an issue when running
a server which handles mainly incoming connections, such as a web server, or
has a limited number of outgoing connections, such as a mail relay. For
situations where there is a shortage of ports, it is recommended to increase
net.inet.ip.portrange.last modestly. A value of 10000, 20000 or 30000 may be
reasonable. Consider firewall effects when changing the port range. Some
firewalls may block large ranges of ports, usually low-numbered ports, and
expect systems to use higher ranges of ports for outgoing connections. For
this reason, it is not recommended that the value of net.inet.ip.portrange.first
be lowered.”

FreeBSD 11.1 deploys values contrary to those above:

# uname -sr
FreeBSD 11.1-STABLE
# sysctl net.inet.ip.portrange
net.inet.ip.portrange.randomtime: 45
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomized: 1
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.hilast: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.first: 10000
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.lowfirst: 1023

A commit in March 2008[2] sets net.inet.ip.portrange.first and last to 10000
and 65535 respectively. It’s apparently obvious that the FreeBSD Handbook
includes obsolete guidelines. This raises the question “how does this change
the advice given in The Handbook?” Can The Handbook be updated to reflect
modern guidelines surrounding the use of these kernel tunables?

[1] https://www.freebsd.org/doc/handbook/configtuning-kernel-limits.html
[2] https://svnweb.freebsd.org/base/stable/11/sys/netinet/in.h?revision=176805&view=markup

-- 
You are receiving this mail because:
You are the assignee for the bug.
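To make the numbers in the report concrete, here is an added example (not part of the bug report, the Handbook, or FreeBSD itself): a POSIX sh audit that parses the output of "sysctl net.inet.ip.portrange", computes how many ports the default range holds, and flags the settings the Handbook warns about (a lowered first, an empty range, a range small enough for a busy proxy to exhaust). The inputs are the 11.1-STABLE output quoted above and a constructed sample with the old 1024..5000 defaults; the 10000-port minimum is an arbitrary threshold chosen for this example, not a FreeBSD default.

```shell
#!/bin/sh
# Audit net.inet.ip.portrange.* from 'sysctl net.inet.ip.portrange' output.
# On a live FreeBSD host: portrange_audit "$(sysctl net.inet.ip.portrange)"

# Sample input 1: the FreeBSD 11.1-STABLE values quoted in the bug report.
SAMPLE_11_1='net.inet.ip.portrange.randomtime: 45
net.inet.ip.portrange.randomcps: 10
net.inet.ip.portrange.randomized: 1
net.inet.ip.portrange.reservedlow: 0
net.inet.ip.portrange.reservedhigh: 1023
net.inet.ip.portrange.hilast: 65535
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.last: 65535
net.inet.ip.portrange.first: 10000
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.lowfirst: 1023'

# Sample input 2 (constructed): the old first=1024/last=5000 defaults the Handbook describes.
SAMPLE_OLD='net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000'

MIN_EPHEMERAL=10000   # assumed threshold for this example, not a FreeBSD default

# portrange_get OUTPUT NAME: value of net.inet.ip.portrange.NAME found in OUTPUT
portrange_get() {
    printf '%s\n' "$1" | awk -v k="net.inet.ip.portrange.$2:" '$1 == k { print $2 }'
}

# ephemeral_count OUTPUT: number of ports in the default (first..last) range
ephemeral_count() {
    echo $(( $(portrange_get "$1" last) - $(portrange_get "$1" first) + 1 ))
}

# portrange_audit OUTPUT: one finding per line; prints nothing when all checks pass
portrange_audit() {
    first=$(portrange_get "$1" first)
    last=$(portrange_get "$1" last)
    count=$(ephemeral_count "$1")
    # Handbook: lowering first collides with firewalls that block low-numbered ports
    [ "$first" -ge 1024 ] || echo "first=$first is below 1024; Handbook advises against lowering it"
    [ "$last" -ge "$first" ] || echo "last=$last is below first=$first; default range is empty"
    [ "$count" -ge "$MIN_EPHEMERAL" ] || echo "default range holds only $count ports; a busy proxy can exhaust it"
}

portrange_audit "$SAMPLE_OLD"
```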