Hi all,
Will try to be concise:
OS: Amazon Linux 2015.03 x86_64
Precise package: httpd24-2.4.12-1.60.amzn1.x86_64
Apache httpd 2.4 in use as SSL proxy.
$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768 61000
One remote client was unable to connect. Amazon subnet ACL in place permitting response communication with the ephemeral port range 32768-61000 as defined in /proc/sys/net/ipv4/ip_local_port_range and confirmed as above by sysctl. Client successfully connected after enlarging subnet ACL to permit responses on 1025-65536.
Once the client connected (<remote ipv4 addr 1>), the following shows in netstat:
tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63158 TIME_WAIT -
tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63156 TIME_WAIT -
tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63157 TIME_WAIT -
tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 2>:42875 TIME_WAIT -
tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63159 TIME_WAIT -
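Added illustration, not part of the original post: a small script that parses netstat lines in the format quoted above and checks each remote client's source port against the subnet ACL's allowed return range. The addresses in the sample are constructed placeholders; the port numbers and the sysctl range are the ones from the post.

```python
from typing import List, Tuple

# Constructed sample in the shape of the netstat output above; the
# <local/remote ipv4 addr> placeholders are replaced with documentation
# addresses so the lines parse. Ports are the ones shown in the post.
NETSTAT_SAMPLE = """\
tcp 0 0 ::ffff:10.0.0.5:443 ::ffff:198.51.100.7:63158 TIME_WAIT -
tcp 0 0 ::ffff:10.0.0.5:443 ::ffff:198.51.100.7:63156 TIME_WAIT -
tcp 0 0 ::ffff:10.0.0.5:443 ::ffff:198.51.100.7:63157 TIME_WAIT -
tcp 0 0 ::ffff:10.0.0.5:443 ::ffff:203.0.113.9:42875 TIME_WAIT -
tcp 0 0 ::ffff:10.0.0.5:443 ::ffff:198.51.100.7:63159 TIME_WAIT -
"""

# net.ipv4.ip_local_port_range reported by sysctl in the post. This range
# governs the source ports THIS host picks for connections it initiates;
# it says nothing about which source ports a remote client will use.
SERVER_EPHEMERAL = (32768, 61000)
# The widened ACL range from the post that let the client connect.
WIDENED_ACL = (1025, 65536)

Row = Tuple[str, int, str, int, str]

def parse_netstat(text: str) -> List[Row]:
    """Return (local_addr, local_port, remote_addr, remote_port, state)
    for each 'tcp' line; the IPv4-mapped '::ffff:' prefix is kept as-is."""
    rows: List[Row] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] != "tcp":
            continue
        laddr, lport = parts[3].rsplit(":", 1)
        raddr, rport = parts[4].rsplit(":", 1)
        rows.append((laddr, int(lport), raddr, int(rport), parts[5]))
    return rows

def blocked_by_acl(rows: List[Row], allowed: Tuple[int, int]) -> List[Tuple[str, int]]:
    """Connections whose remote source port falls outside the ACL's allowed
    return range: the subnet ACL would drop the server's replies to these."""
    lo, hi = allowed
    return [(raddr, rport) for _, _, raddr, rport, _ in rows if not lo <= rport <= hi]

if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_SAMPLE)
    for raddr, rport in blocked_by_acl(rows, SERVER_EPHEMERAL):
        print(f"{raddr}:{rport} outside {SERVER_EPHEMERAL}: replies dropped by ACL")
    print("blocked with widened ACL:", blocked_by_acl(rows, WIDENED_ACL))
```

The four connections from the first client use source ports above 61000, so an ACL sized from the server's own ephemeral range drops the replies, while the second client happened to land inside it.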