Re: amd sitting on ldaps port

From: Sean McNeil <sean_at_mcneil.com>
Date: Wed, 06 Oct 2004 19:46:50 -0700
On Wed, 2004-10-06 at 18:30, Dan Nelson wrote:
> In the last episode (Oct 06), Sean McNeil said:
> > On Wed, 2004-10-06 at 13:59, Dan Nelson wrote:
> > > In the last episode (Oct 06), Sean McNeil said:
> > > > Looking at /etc/services it states that 636 is for ldaps, but I see that
> > > > amd is using it:
> > > > 
> > > > server# sockstat | grep 636
> > > > root     amd        468   5  tcp4   *:636                 *:*
> > > 
> > > That's just a random port rpcbind assigned to the "amd" rpc service. 
> > > If you reboot I bet it'll bind to a different port.  Run "rpcinfo -p
> > > localhost" to see all the local port numbers assigned to RPC clients.
> > 
> > OK, but aren't there rules about rpc allowing assigned ports like that? 
> 
> Not as far as I know.  I suppose bindresvport() could be changed to
> walk /etc/services and only use one of the 450 reserved ports not
> listed.  Another alternative is to set the
> net.inet.ip.portrange.lowlast sysctl a little higher; 700 maybe. 
> 600-1024 is the portrange that has been historically assigned as "local
> port numbers that root processes can use".

Great.  I've added

net.inet.ip.portrange.lowlast=700

to my /etc/sysctl.conf and it worked as advertised.  Thanks.

Sean


Received on Thu Oct 07 2004 - 00:46:55 UTC
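
Added example, not part of the original thread: a shell function that cross-checks "rpcinfo -p" output against a services(5) file and reports RPC programs bound to a port that is named for a different service, which is the amd-on-636 situation discussed above. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# find_rpc_collisions RPCINFO_FILE SERVICES_FILE   (hypothetical helper name)
# Prints "port/proto rpc-service services-name" for every RPC registration
# whose port is listed in the services file under a different name.
find_rpc_collisions() {
    awk '
        # services(5) format: name port/proto [aliases...] [# comment]
        FILENAME == ARGV[1] {
            sub(/#.*/, "")
            if (NF >= 2 && $2 ~ /^[0-9]+\/(tcp|udp)$/ && !($2 in svc)) {
                svc[$2] = $1
                n = ""
                for (i = 1; i <= NF; i++) if (i != 2) n = n " " $i
                names[$2] = n " "          # official name plus aliases
            }
            next
        }
        # rpcinfo -p columns: program vers proto port service
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            key = $4 "/" $3
            rpc = ($5 == "" ? $1 : $5)
            if ((key in svc) && index(names[key], " " rpc " ") == 0 && !seen[key, rpc]++)
                print key, rpc, svc[key]
        }
    ' "$2" "$1"
}

# Constructed sample input so the check runs offline.
demo_collisions() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/services" <<'EOF'
sunrpc          111/tcp    rpcbind   # SUN Remote Procedure Call
sunrpc          111/udp    rpcbind
ldaps           636/tcp    sldap     # ldap protocol over TLS/SSL
nfs             2049/tcp   nfsd
EOF
    cat > "$tmp/rpcinfo" <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    300019    1   tcp    636  amd
    300019    1   udp    637  amd
    100003    3   tcp   2049  nfs
EOF
    find_rpc_collisions "$tmp/rpcinfo" "$tmp/services"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

On a live host, save the output of "rpcinfo -p localhost" to a file and pass it with /etc/services; a clean result after raising net.inet.ip.portrange.lowlast and restarting the RPC services confirms the change took effect.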
