2020-04-03 - reserving non-privileged ports on linux

TCP/UDP ports below 1024 are privileged: binding one of them requires root, or more precisely the CAP_NET_BIND_SERVICE capability (since linux 4.11 the boundary itself is tunable via the net.ipv4.ip_unprivileged_port_start sysctl). the kernel also never auto-assigns them to anything (eg. as a random source port when creating a new TCP connection), simply because the ephemeral range starts far above them. on top of that, most of them are already allocated to standard services you do not wish to be confused with.

so normally you use port numbers above 1024. there is a catch, though: in that range the kernel auto-assigns ports as well. most of the time you're going to be just fine, but there is a small chance you'll be out of luck and the port you want is already held by some random outgoing connection outside of your jurisdiction, and your bind() fails with EADDRINUSE.

it turns out there is a solution for that – you can reserve port range or particular ports for these purposes! :)

$ cat /proc/sys/net/ipv4/ip_local_port_range
32768	60999
$ cat /proc/sys/net/ipv4/ip_local_reserved_ports
4242,5151

by writing to these files (or setting net.ipv4.ip_local_port_range and net.ipv4.ip_local_reserved_ports via sysctl) you control which ports the kernel uses for auto-assignment (ip_local_port_range) and which ports are excluded from that pool and will never be handed out automatically (ip_local_reserved_ports). the second setting is strictly speaking redundant, since you could just shrink the range, but it is easier to manage: the reserved list may overlap the auto-assign range, so you effectively punch holes in the pool without moving it. the list accepts single ports and ranges, eg. 4242,5151,6000-6100. reserved ports are only excluded from auto-assignment; an explicit bind() to one of them still works for any process, which is exactly the point, so this does not stop another local process from deliberately taking the port. also, writes to /proc do not survive a reboot; put the settings into /etc/sysctl.d/ to make them persistent.
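as an added example (not part of the original post), here is a small POSIX shell script that mirrors the kernel's decision "may this port be handed out as an ephemeral port?" from the two sysctls, parsing the same comma/range syntax the kernel prints. the function names are assumptions made for this example and the sample values are constructed.

```shell
#!/bin/sh
# added example, not from the original post: answer "could the kernel
# auto-assign this port?" from ip_local_port_range and ip_local_reserved_ports.
# function names are assumptions made for this example.

# port_in_reserved PORT LIST
# LIST uses the syntax the kernel prints for ip_local_reserved_ports:
# single ports and ranges separated by commas, eg. "4242,5151,6000-6100".
# returns 0 if PORT is covered by LIST, 1 otherwise.
port_in_reserved() {
    port=$1
    list=$2
    [ -z "$list" ] && return 1
    old_ifs=$IFS
    IFS=','
    set -- $list                # split the list on commas only
    IFS=$old_ifs
    for item in "$@"; do
        case $item in
            *-*) r_lo=${item%-*}; r_hi=${item#*-} ;;   # "6000-6100"
            *)   r_lo=$item;      r_hi=$item ;;        # "4242"
        esac
        if [ "$port" -ge "$r_lo" ] && [ "$port" -le "$r_hi" ]; then
            return 0
        fi
    done
    return 1
}

# ephemeral_candidate PORT LO HI LIST
# LO HI is ip_local_port_range, LIST is ip_local_reserved_ports.
# returns 0 if the kernel may auto-assign PORT, 1 if it never will
# (either outside the range, or inside it but reserved).
ephemeral_candidate() {
    port=$1; lo=$2; hi=$3; list=$4
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] || return 1
    port_in_reserved "$port" "$list" && return 1
    return 0
}

# check_live PORT: read the running kernel's settings and report.
# returns 0 if PORT is safe from auto-assignment, 1 if it is not
# (and prints the sysctl command that would reserve it, keeping the
# existing reservations, since a write replaces the whole list).
check_live() {
    read lo hi < /proc/sys/net/ipv4/ip_local_port_range || return 2
    read list < /proc/sys/net/ipv4/ip_local_reserved_ports || list=
    if ephemeral_candidate "$1" "$lo" "$hi" "$list"; then
        echo "port $1 is in the auto-assign pool ($lo-$hi) and not reserved"
        echo "reserve it with: sysctl -w net.ipv4.ip_local_reserved_ports=${list:+$list,}$1"
        return 1
    fi
    echo "port $1 will never be auto-assigned by the kernel"
    return 0
}

# usage: ./portcheck.sh 4242
if [ -n "${1-}" ]; then
    check_live "$1"
fi
```

note what the check tells you about the values from the post: with the default range 32768-60999, ports 4242 and 5151 are never auto-assigned anyway, so reserving them is belt and braces. the reservation starts to matter once the range is widened (eg. to 1024-65535 on a busy server that runs out of source ports), which is exactly when a collision with your service port becomes likely.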

blog/2020/04/03/2020-04-03_-_reserving_non-privileged_ports_on_linux.txt · Last modified: 2020/04/03 21:18 by basz