The ephemeral port range is set with net.ipv4.ip_local_port_range, but there was an application that used ports around 45000, so I kept going back and forth over which direction to shift the range away from the default. (RHEL4)
From the default:
  net.ipv4.ip_local_port_range = 32768 61000

Shift it down (stop before the application's ports):
  net.ipv4.ip_local_port_range = 32768 45000

Or shift it up (start at the application's ports):
  net.ipv4.ip_local_port_range = 45000 65000
Building an environment again after a long while, I noticed that RHEL 5.6 and later have a parameter called net.ipv4.ip_local_reserved_ports, so I looked into it.
From the kernel's Documentation/networking/ip-sysctl.txt:

  ip_local_reserved_ports - list of comma separated ranges
      Specify the ports which are reserved for known third-party
      applications. These ports will not be used by automatic port
      assignments (e.g. when calling connect() or bind() with port
      number 0). Explicit port allocation behavior is unchanged.

      The format used for both input and output is a comma separated
      list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
      10). Writing to the file will clear all previously reserved
      ports and update the current list with the one given in the
      input.

      Note that ip_local_port_range and ip_local_reserved_ports
      settings are independent and both are considered by the kernel
      when determining which ports are available for automatic port
      assignments.

      You can reserve ports which are not in the current
      ip_local_port_range, e.g.:

      $ cat /proc/sys/net/ipv4/ip_local_port_range
      32000 61000
      $ cat /proc/sys/net/ipv4/ip_local_reserved_ports
      8080,9148

      although this is redundant. However such a setting is useful
      if later the port range is changed to a value that will
      include the reserved ports.

      Default: Empty
So instead of shrinking or moving the whole range, you can keep the default net.ipv4.ip_local_port_range and just mark the ports the application needs as reserved; the kernel then skips them when it picks an ephemeral port. Note that this only affects automatic assignment (connect() or bind() with port 0): the application still has to bind its ports explicitly, and nothing stops another process from binding them explicitly either.

  net.ipv4.ip_local_port_range = 32768 61000
  net.ipv4.ip_local_reserved_ports = 45000-45999,47000-47999

Put both lines in /etc/sysctl.conf so they survive a reboot, and read them back from /proc/sys/net/ipv4/ after applying them.
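To make the interaction between the two sysctls concrete, here is an added example that is not part of the original post and not kernel code: a small POSIX shell script that emulates the rule the documentation states (a port can be auto-assigned only if it lies inside ip_local_port_range and is not listed in ip_local_reserved_ports), validates a reserved-ports string in the kernel's "1,2-4,10-10" format, and counts how many ephemeral ports remain after reservation. The values in PORT_RANGE and RESERVED are constructed to match the setting above rather than read from /proc, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post or the kernel): emulates how the
# kernel decides whether a port may be handed out automatically, i.e. on
# connect() or bind() with port 0. Explicit binds are not affected.

# Constructed values standing in for the two sysctls, so the script runs
# anywhere without touching /proc.
PORT_RANGE="32768 61000"
RESERVED="45000-45999,47000-47999"

# validate_reserved LIST: returns 0 if LIST is in the kernel's "1,2-4,10-10"
# format with every range ascending and within 0-65535, else 1.
validate_reserved() {
    local item lo hi
    [ -z "$1" ] && return 0              # empty list is the kernel default
    local IFS=,
    for item in $1; do
        case $item in
            ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;;   # neither "N" nor "N-M"
        esac
        lo=${item%-*}; hi=${item#*-}      # "N" yields lo=hi=N
        [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] || return 1
    done
    return 0
}

# in_reserved LIST PORT: returns 0 if PORT falls inside one of LIST's ranges.
in_reserved() {
    local list=$1 port=$2 item lo hi
    [ -z "$list" ] && return 1
    local IFS=,
    for item in $list; do
        lo=${item%-*}; hi=${item#*-}
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# ephemeral_ok RANGE LIST PORT: returns 0 if the kernel could pick PORT
# automatically. RANGE is "low high" as printed by /proc (space or tab).
ephemeral_ok() {
    local range=$1 list=$2 port=$3 lo hi
    set -- $range
    lo=$1; hi=$2
    [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] || return 1
    ! in_reserved "$list" "$port"
}

# count_ephemeral RANGE LIST: prints how many ports remain for automatic
# assignment. Reserved ranges outside RANGE cost nothing (the doc's 8080,9148
# case) and ranges straddling it are clipped. Assumes the reserved ranges do
# not overlap one another.
count_ephemeral() {
    local range=$1 list=$2 lo hi item rlo rhi n
    set -- $range
    lo=$1; hi=$2
    n=$((hi - lo + 1))
    local IFS=,
    for item in $list; do
        rlo=${item%-*}; rhi=${item#*-}
        [ "$rlo" -lt "$lo" ] && rlo=$lo
        [ "$rhi" -gt "$hi" ] && rhi=$hi
        [ "$rlo" -le "$rhi" ] && n=$((n - (rhi - rlo + 1)))
    done
    echo "$n"
}

# Demo: the setting from the post, checked against a few boundary ports.
if validate_reserved "$RESERVED"; then
    echo "ip_local_reserved_ports = $RESERVED (format OK)"
else
    echo "ip_local_reserved_ports = $RESERVED (REJECTED)"
fi
for p in 32768 44999 45000 45999 46000 47500 61000 61001 8080; do
    if ephemeral_ok "$PORT_RANGE" "$RESERVED" "$p"; then
        echo "port $p: may be auto-assigned"
    else
        echo "port $p: never auto-assigned"
    fi
done
echo "ports left for ephemeral use: $(count_ephemeral "$PORT_RANGE" "$RESERVED")"
```

The real setting is applied with `sysctl -w net.ipv4.ip_local_reserved_ports=45000-45999,47000-47999` and read back with `cat /proc/sys/net/ipv4/ip_local_reserved_ports`; on a kernel that lacks the parameter (RHEL 5 before 5.6) `sysctl -w` fails, so check that the /proc file exists before relying on the reservation.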