Help me understand something, please.

In SuSE 10 I see:

    > cat /proc/sys/net/ipv4/ip_local_port_range
    32768 61000

However with VSFTP I seem to be using an ephemeral port outside that range:

    Finding Host whatever.ca.com ...
    Connecting to 123.123.123.123:21
    Connected to 123.123.123.123:21 in 0.203093 seconds, Waiting for Server Response
    220 "This is CA service."
    Host type (1): Automatic detect
    USER anonymous
    331 Please specify the password.
    PASS (hidden)
    230 Login successful.
    SYST
    215 UNIX Type: L8
    Host type (2): UNIX (standard)
    PWD
    257 "/"
    CWD /
    250 Directory successfully changed.
    PWD
    257 "/"
    TYPE A
    200 Switching to ASCII mode.
    PASV
    227 Entering Passive Mode (123,123,123,123,120,134)
    connecting data channel to 123.123.123.123:120,134(30854)
    data channel connected to 123.123.123.123:120,134(30854)
    LIST
    150 Here comes the directory listing.
    transferred 955 bytes in < 0.001 seconds, 7460.938 Kbps ( 932.617 KBps), transfer succeeded.
    226 Directory send OK.

I did -not- encode these records in VSFTP's configuration, as I thought TCP/IP's limits would be in effect.

    pasv_max_port
        The maximum port to allocate for PASV style data connections. Can be
        used to specify a narrow port range to assist firewalling.
        Default: 0 (use any port)

    pasv_min_port
        The minimum port to allocate for PASV style data connections. Can be
        used to specify a narrow port range to assist firewalling.
        Default: 0 (use any port)

My question is this: Why are the TCP/IP limits on the ephemeral ports not enforced?

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
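
An added example, not part of the original post: ip_local_port_range only governs ports the kernel picks itself (a bind() to port 0, or a connect() on an unbound socket), so a listener bound to an explicit port number is not limited by it. The Python below decodes the 227 reply from the session above and contrasts the two kinds of bind(); the function names are made up for illustration and the socket part assumes a Linux host.

```python
import re
import socket

# Constructed sample: the 227 reply and sysctl value quoted in the post.
PASV_REPLY = "227 Entering Passive Mode (123,123,123,123,120,134)"
LOCAL_PORT_RANGE = "32768 61000"

def parse_pasv(reply):
    """Return (host, port) from an RFC 959 227 reply: port = p1*256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def in_range(port, range_text):
    """True if port lies inside a 'low high' pair as printed by /proc."""
    low, high = (int(x) for x in range_text.split())
    return low <= port <= high

def kernel_chosen_port():
    """bind() to port 0: the kernel picks, using ip_local_port_range."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def app_chosen_port(port):
    """bind() to an explicit port: the sysctl range is not consulted."""
    with socket.socket() as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("127.0.0.1", port))
        return s.getsockname()[1]

if __name__ == "__main__":
    host, port = parse_pasv(PASV_REPLY)
    print(host, port, "inside sysctl range:", in_range(port, LOCAL_PORT_RANGE))
    with open("/proc/sys/net/ipv4/ip_local_port_range") as f:  # Linux only
        live = f.read()
    k = kernel_chosen_port()
    print("kernel-chosen", k, "inside:", in_range(k, live))
    a = app_chosen_port(port)  # raises OSError only if the port is in use
    print("app-chosen", a, "inside:", in_range(a, live))
```

To keep PASV data ports inside a range a firewall can allow, set pasv_min_port and pasv_max_port in the server configuration rather than relying on the sysctl.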