amd sitting on ldaps port

Sean McNeil sean at mcneil.com
Wed Oct 6 19:46:55 PDT 2004


On Wed, 2004-10-06 at 18:30, Dan Nelson wrote:
> In the last episode (Oct 06), Sean McNeil said:
> > On Wed, 2004-10-06 at 13:59, Dan Nelson wrote:
> > > In the last episode (Oct 06), Sean McNeil said:
> > > > Looking at /etc/services is states that 636 is for ldaps, but I see that
> > > > amd is using it:
> > > > 
> > > > server# sockstat | grep 636
> > > > root     amd        468   5  tcp4   *:636                 *:*
> > > 
> > > That's just a random port rpcbind assigned to the "amd" rpc service. 
> > > If you reboot I bet it'll bind to a different port.  Run "rpcinfo -p
> > > localhost" to see all the local port numbers assigned to RPC clients.
> > 
> > OK, but aren't there rules about rpc allowing assigned ports like that? 
> 
> Not as far as I know.  I suppose bindresvport() could be changed to
> walk /etc/services and only use one of the 450 reserved ports not
> listed.  Another alternative is to set the
> net.inet.ip.portrange.lowlast sysctl a little higher; 700 maybe. 
> 600-1024 is the portrange that has been historically assigned as "local
> port numbers that root processes can use".

Great.  I've added

net.inet.ip.portrange.lowlast=700

to my /etc/sysctl.conf and it worked as advertised.  Thanks.

Sean

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20041006/7b2e2828/attachment.bin


More information about the freebsd-current mailing list