Re: transparent proxy and port assignment

Brian Ristuccia (brianr@osiris.978.org)
Fri, 19 Feb 1999 13:38:21 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michal Jaegermann: "Re: Ejecting a mounted CD-ROM works :-("
Previous message: Dale E. Martin: "2.2.2-pre4 - lots of hanging processes."
In reply to: Paul Rusty Russell: "Re: transparent proxy and port assignment"

On Fri, Feb 19, 1999 at 10:51:29AM +1130, Paul Rusty Russell wrote:
> In message <19990218130710.U569@osiris.978.org> you write:
> > I'm using transparent proxy to redirect ports 8000-8799 on my box to other
> > ports. (it's to help folks get around port filters)
> >
> > I need to know these ports are marked as used or not by the kernel, or if
> > there's a way to do this -- specificly, I'd like to avoid a user process
> > from accidentally getting stuck with one of those ports when trying to make
> > an outgoing connection or dynamicly assigned listening port (like an IRC
> > DCC).
>
> This is one of the problems with redirect. Look at
> net/ipv4/tcp_ipv4.c's tcp_good_socknum(), and hack it not to return
> those values.
>

After looking at this source file you mentioned, I found that it determined
the range of safe ports to use for automagic port assignments by looking at
sysctl_local_port_range[0] and sysctl_local_port_range[1] which can be
modified from user space via /proc/sys/net/ipv4/ip_local_port_range

It would be nice if I could make attempts to bind redirected ports return
EINVAL or whatever, but this is good enough for now.

-- Brian Ristuccia brianr@osiris.978.org bristucc@baynetworks.com bristucc@cs.uml.edu

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Michal Jaegermann: "Re: Ejecting a mounted CD-ROM works :-("
Previous message: Dale E. Martin: "2.2.2-pre4 - lots of hanging processes."
In reply to: Paul Rusty Russell: "Re: transparent proxy and port assignment"