httpd 2.4.12 ignoring net.ipv4.ip_local_port_range

Hi all,

Will try to be concise:

OS: Amazon Linux 2015.03 x86_64
Precise package: httpd24-2.4.12-1.60.amzn1.x86_64

Apache httpd 2.4 in use as SSL proxy.

$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768    61000

One remote client was unable to connect. Amazon subnet ACL in place permitting response communication with the ephemeral port range 32768-61000 as defined in /proc/sys/net/ipv4/ip_local_port_range and confirmed as above by sysctl. Client successfully connected after enlarging subnet ACL to permit responses on 1025-65536.

Once client connected (<remote ipv4 addr 1>), the following shows in netstat:

tcp        0      0 ::ffff:<local ipv4 addr>:443      ::ffff:<remote ipv4 addr 1>:63158    TIME_WAIT   -
tcp        0      0 ::ffff:<local ipv4 addr>:443      ::ffff:<remote ipv4 addr 1>:63156    TIME_WAIT   -
tcp        0      0 ::ffff:<local ipv4 addr>:443      ::ffff:<remote ipv4 addr 1>:63157    TIME_WAIT   -
tcp        0      0 ::ffff:<local ipv4 addr>:443      ::ffff:<remote ipv4 addr 2>:42875 TIME_WAIT   -
tcp        0      0 ::ffff:<local ipv4 addr>:443      ::ffff:<remote ipv4 addr 1>:63159    TIME_WAIT   -

This client is getting responses from httpd on ports 63156+.

As far as I understand it this should not be permitted as the maximum local port is set to 61000.

Bug? Feature?

Thanks in advance.
--
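As an added illustration, not part of the original post: the connections in the netstat output were accepted on port 443, so the 63156+ ports are the client's ephemeral ports, chosen by the client's kernel, while net.ipv4.ip_local_port_range only governs ports this host assigns to connections it opens itself. The script below parses the sysctl and netstat lines and lists the peer ports whose replies an ACL limited to the local range would block; it assumes constructed sample data with RFC 5737 documentation addresses in place of the poster's placeholders and that 443 is the only listening port.

```python
# Constructed sample input modelled on the sysctl and netstat output in the post,
# with RFC 5737 documentation addresses standing in for the poster's placeholders.
SYSCTL_LINE = "net.ipv4.ip_local_port_range = 32768    61000"
NETSTAT_LINES = [
    "tcp        0      0 ::ffff:10.0.0.5:443      ::ffff:203.0.113.7:63158    TIME_WAIT   -",
    "tcp        0      0 ::ffff:10.0.0.5:443      ::ffff:203.0.113.7:63156    TIME_WAIT   -",
    "tcp        0      0 ::ffff:10.0.0.5:443      ::ffff:198.51.100.9:42875   TIME_WAIT   -",
    # Hypothetical outbound connection from the proxy to a backend: here the
    # local port is the one this host's kernel picked from ip_local_port_range.
    "tcp        0      0 ::ffff:10.0.0.5:52344    ::ffff:192.0.2.20:8443      ESTABLISHED 1234/httpd",
]
SERVICE_PORTS = {443}  # ports this host listens on (assumption: only the SSL proxy)


def parse_port_range(line):
    """Parse 'net.ipv4.ip_local_port_range = LO   HI' into (LO, HI)."""
    lo, hi = line.split("=", 1)[1].split()
    return int(lo), int(hi)


def parse_netstat(line):
    """Parse one netstat TCP line into its endpoints and state."""
    fields = line.split()
    laddr, _, lport = fields[3].rpartition(":")
    raddr, _, rport = fields[4].rpartition(":")
    return {"local_addr": laddr, "local_port": int(lport),
            "remote_addr": raddr, "remote_port": int(rport), "state": fields[5]}


def ephemeral_side(conn, service_ports=SERVICE_PORTS):
    """Return 'remote' if the peer chose the ephemeral port, else 'local'.

    ip_local_port_range only constrains ports this host's kernel assigns when
    it opens a connection itself. On a connection accepted on a service port,
    the peer's port was chosen by the peer's kernel from the peer's own range.
    """
    return "remote" if conn["local_port"] in service_ports else "local"


def peer_ports_outside(conns, allowed):
    """Peer ports on inbound connections whose replies an ACL that only
    permits the (lo, hi) range in `allowed` would block."""
    lo, hi = allowed
    return sorted({c["remote_port"] for c in conns
                   if ephemeral_side(c) == "remote"
                   and not lo <= c["remote_port"] <= hi})


if __name__ == "__main__":
    conns = [parse_netstat(line) for line in NETSTAT_LINES]
    print("ACL mirroring the local sysctl blocks replies to:",
          peer_ports_outside(conns, parse_port_range(SYSCTL_LINE)))
    print("ACL 1025-65535 blocks replies to:", peer_ports_outside(conns, (1025, 65535)))
```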
