Re: Free TCP/IP port numbers?

2017-10-04 Thread Nicholas Geovanis
On Sun, Oct 1, 2017 at 7:44 AM, Victor Porton wrote:
>
>
> I received no satisfactory answer.
> So I feel that there is no Debian policy on using port numbers.
> This policy should be added to Debian!
> It may be something like: "Debian packages (with default configuration) are
> allowed to bind ports 1-1. Ports 10001-32000 are available for users."
> Please discuss.


Trying to return to the original subject
If this is a server environment, you should already know which ports are
open and in use in your network. There should be no mysteries. Files
identifying configured port numbers, especially if you have numerous local
values, should be placed under source-control and distributed/maintained by
configuration management software like salt, puppet, etc. This is the only
way that good consistency can be maintained, but it affords you great
flexibility.

WRT the "no Debian policy on using port numbers", the only authority, so
far as it goes, is the IANA. Every site may choose to respect or ignore
those values within the limits of their installed software base and
configurability of applications. Debian can't really influence that state
of affairs and any claims it stakes to certain ports are simply going to be
ignored in most cases.


> --
> Victor Porton - http://portonvictor.org
>
>


Re: Free TCP/IP port numbers?

2017-10-02 Thread Reco
Hi.

On Mon, Oct 02, 2017 at 10:23:36AM -0400, Gene Heskett wrote:
> On Monday 02 October 2017 10:04:05 Reco wrote:
> 
> > Hi.
> >
> > On Mon, Oct 02, 2017 at 09:39:38AM -0400, Greg Wooledge wrote:
> > > On Sun, Oct 01, 2017 at 05:47:52PM +0300, Reco wrote:
> > > > Patches are welcome. File a bug against "grep" package, make a
> > > > world a better place.
> > >
> > > It has been my experience, in general, that man page patches are
> > > rarely welcome.  Especially by Debian packagers of programs that get
> > > their man pages from upstream.
> > >
> > > If the program is written *by* Debian, then there may be a chance,
> > > but this is not the case with GNU grep.
> >
> > What benefits the community more - a (possibly) deserved rant in a
> > maillist, or a patch in Debian bugtracker?
> >
> The former gets read by more eyes, and possibly warns others who will 
> never read the bugtracker.  And make me feel better. ;-) My own 
> interfacing with the bug tracker back in my fedora 1 and 2 days was less 
> than a satisfying experience.

But the eyes that are viewing bugtracker usually come attached to hands,
which in turn have an access to a commit bit.
Bugtracker, no matter how ugly - [1], unsatisfying - [2] or weird - [3]
it is - is a small price to pay to achieve greater good.

[1] https://bugzilla.redhat.com/

[2] https://bugs.debian.org

[3] https://bugzilla.suse.com

Reco



Re: Free TCP/IP port numbers?

2017-10-02 Thread rhkramer
On Monday, October 02, 2017 09:39:38 AM Greg Wooledge wrote:
> On Sun, Oct 01, 2017 at 05:47:52PM +0300, Reco wrote:
> > Patches are welcome. File a bug against "grep" package, make a world a
> > better place.
> 
> It has been my experience, in general, that man page patches are rarely
> welcome. 


> Especially by Debian packagers of programs that get their man
> pages from upstream.

Of course!

But you (or they) could submit it upstream.


> If the program is written *by* Debian, then there may be a chance, but
> this is not the case with GNU grep.



Re: Free TCP/IP port numbers?

2017-10-02 Thread Gene Heskett
On Monday 02 October 2017 10:04:05 Reco wrote:

>   Hi.
>
> On Mon, Oct 02, 2017 at 09:39:38AM -0400, Greg Wooledge wrote:
> > On Sun, Oct 01, 2017 at 05:47:52PM +0300, Reco wrote:
> > > Patches are welcome. File a bug against "grep" package, make a
> > > world a better place.
> >
> > It has been my experience, in general, that man page patches are
> > rarely welcome.  Especially by Debian packagers of programs that get
> > their man pages from upstream.
> >
> > If the program is written *by* Debian, then there may be a chance,
> > but this is not the case with GNU grep.
>
> What benefits the community more - a (possibly) deserved rant in a
> maillist, or a patch in Debian bugtracker?
>
The former gets read by more eyes, and possibly warns others who will 
never read the bugtracker.  And make me feel better. ;-) My own 
interfacing with the bug tracker back in my fedora 1 and 2 days was less 
than a satisfying experience.

> Reco


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Free TCP/IP port numbers?

2017-10-02 Thread Reco
Hi.

On Mon, Oct 02, 2017 at 09:39:38AM -0400, Greg Wooledge wrote:
> On Sun, Oct 01, 2017 at 05:47:52PM +0300, Reco wrote:
> > Patches are welcome. File a bug against "grep" package, make a world a
> > better place.
> 
> It has been my experience, in general, that man page patches are rarely
> welcome.  Especially by Debian packagers of programs that get their man
> pages from upstream.
> 
> If the program is written *by* Debian, then there may be a chance, but
> this is not the case with GNU grep.

What benefits the community more - a (possibly) deserved rant in a
maillist, or a patch in Debian bugtracker?

Reco



Re: Free TCP/IP port numbers?

2017-10-02 Thread Greg Wooledge
On Sun, Oct 01, 2017 at 05:47:52PM +0300, Reco wrote:
> Patches are welcome. File a bug against "grep" package, make a world a
> better place.

It has been my experience, in general, that man page patches are rarely
welcome.  Especially by Debian packagers of programs that get their man
pages from upstream.

If the program is written *by* Debian, then there may be a chance, but
this is not the case with GNU grep.



Re: Free TCP/IP port numbers?

2017-10-02 Thread Michael Stone

On Mon, Oct 02, 2017 at 10:19:42AM -, Dan Purgert wrote:

> Trouble with ports <1024 is that the process trying to use them will
> need root permissions to bind to the port.  This may cause its own
> fallout rather than using something in the upper range.


And the advantage of such a port is that a user can't grab a port that 
you want to use the system. (An event which can cause its own fallout, 
as well as potentially being a security problem.) Luckily systemd makes 
it much easier to reserve a port early in the boot process so that's not 
as much of a problem as it used to be.


Mike Stone



Re: Free TCP/IP port numbers?

2017-10-02 Thread Dan Purgert
Gene Heskett wrote:
> On Sunday 01 October 2017 03:34:19 to...@tuxteam.de wrote:
>
>> On Sun, Oct 01, 2017 at 01:28:39AM -0400, Gene Heskett wrote:
>>
>> [...]
>>
>> > > > Assuring that my port is not in this IANA list is not enough to
>> > > > ensure that my port number will not clash with a port number
>> > > > used by a Debian package (by default).
>> > > >
>> > > > So your answer to my question is wrong.
>> >
>> > In which case debian should publish the unlisted ports they do use,
>> > if for no other reason than to "stake a claim".
>>
>> "Debian" "should". Gene, you "should" know better ;-)
>>
>> Want to start with it? Write a script which scans the /etc files in
>> all Debian packages for network configurations.
>>
> That might be possible IF you wanted to use a tool like grep, but in 30 
> years I've not found a way to silence the "binary file matches" messages 
> from grep. [...]

`grep -a` will force grep to treat a file (regardless of data) as ascii
text.  Beware that a truly binary file will spit out the whole thing.


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281
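
The scan suggested in the thread, as an added example that is not part of any poster's message: it searches a config tree for numeric port assignments with `grep -I`, so binary files are skipped instead of being reported or dumped, and can be switched to `-a` for comparison. The function names, the pattern and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): list numeric port assignments under a
# config tree while skipping binary files. The sample tree is constructed.

# Matches lines such as "Port 2222", "listen_port = 8080" or "port: 5433".
# Lines where the port comes from a variable or a comment do not match.
PORT_RE='^[[:space:]]*[a-z_.-]*port[[:space:]]*[=:]?[[:space:]]*[0-9]{1,5}([[:space:]]|$)'

# scan_ports DIR [MODE]
#   MODE -I (default): a binary file is assumed not to match, so grep prints
#                      neither a "binary file matches" notice nor raw bytes.
#   MODE -a          : binary files are searched as if they were text.
scan_ports() {
    scan_dir=$1
    scan_mode=${2:--I}
    grep -rnEi "$scan_mode" -e "$PORT_RE" -- "$scan_dir" | sort
}

# make_sample_tree DIR: constructed stand-in for a package's /etc files.
make_sample_tree() {
    mkdir -p "$1/app"
    printf 'Port 2222\n# port is set by the unit file\n' > "$1/app/sshd_like.conf"
    printf 'listen_port = 8080\nport = ${DYNAMIC}\n' > "$1/app/web.ini"
    # Leading NUL bytes make grep classify this file as binary.
    printf '\000\001\002\nport 9999\n' > "$1/app/cache.bin"
}

# Demo on the constructed tree.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "with -I (binary files skipped):"
scan_ports "$demo_dir" -I
echo "with -a (binary files read as text):"
scan_ports "$demo_dir" -a
rm -rf "$demo_dir"
```

Only fixed numeric assignments are found this way; ports computed at run time, which the thread notes are common, do not show up in a static scan.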



Re: Free TCP/IP port numbers?

2017-10-02 Thread Dan Purgert
shawn wilson wrote:
> [...]
> Lastly, certain ports are so old, their intended services shouldn't be
> online anymore (see the first 20 ports or 90-110 - off the top of my
> head - not sitting here and going through them) or if the service
> probably won't be used in ICS or on a box designed to be an internet
> backbone, use one of those.
>
Trouble with ports <1024 is that the process trying to use them will
need root permissions to bind to the port.  This may cause its own
fallout rather than using something in the upper range.

-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281



Re: Free TCP/IP port numbers?

2017-10-01 Thread Gene Heskett
On Sunday 01 October 2017 10:55:33 to...@tuxteam.de wrote:

> On Sun, Oct 01, 2017 at 10:45:53AM -0400, Gene Heskett wrote:
> > On Sunday 01 October 2017 10:11:48 to...@tuxteam.de wrote:
> > > On Sun, Oct 01, 2017 at 09:48:16AM -0400, Gene Heskett wrote:
> > >
> > > [...]
> > >
> > > > -I Process a binary file as if it did not contain matching
> > > > data; this is equivalent to the --binary-files=without-match
> > > > option.
> > > >
> > > > Sure, thats supposed to tell me it will shut that #)^(&^$ noise
> > > > off?
> > >
> > > [swahili]
> > >
> > > Let me respond in a similarly snarky way, will you?
> > >
> > > This option says "assume a binary file doesn't match in the first
> > > place. Don't even check".
> >
> > Izzat what that says?  Why then does it not just say so?
>
> Please go back and digest the quote I snipped for you (for the long
> option). Here a more focused snipped from that:
>
>    --binary-files=TYPE
>           If the first few bytes of a file indicate that the file
>           contains binary data [...] By default, TYPE is binary,
>           and grep normally outputs either a one-line message saying
>           that a binary file matches [...]
>           If TYPE is without-match, grep assumes that a binary file
>           does not match [...]

And that, while lots more typing, seems to duplicate the -I option.

> My English module masters this (and it is pretty old too. Moreover, it
> was a cheap second-hand one, labelled "for foreigners" ;-)
>
Chuckle... It is working very well, too. And I thank you for taking the 
trouble to learn a language you didn't often hear growing up. Had I 
stayed in school, the language class choices then were Latin and French. 
But TBT, I didn't stick around, I had an allergy problem which turned 
out to be milk when it was finally found, and my algebra teacher was 
more interested in off-color standup comedy than in teaching algebra, so 
in 1948 there was a job market for tv repairmen, so I quit and went to 
work. Fixing these new-fangled things they called tv sets.  I was 14. So 
I was a geek before the word was invented. :) But now I'm just an old 
geezer that can regale you with stories about some of the BTDT's I've 
done. :)  And I've learned something useful today, thanks to you and 
Reco.

> Hey, the doc even contains the trigger phrase "binary file matches",
> which is how I found the spot in the docs.
>
> > My english reading module is fine.  Out of date maybe, but hey, so
> > is the 60 lb Websters Dictionary we had in school in about 1942.
> > They also taught phonics back then, something the manpage writer may
> > not have taken since they quit teaching it in 1946 or so.
> >
> :-)
>
> Cheers
> -- t


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Free TCP/IP port numbers?

2017-10-01 Thread tomas

On Sun, Oct 01, 2017 at 10:45:53AM -0400, Gene Heskett wrote:
> On Sunday 01 October 2017 10:11:48 to...@tuxteam.de wrote:
> 
> > On Sun, Oct 01, 2017 at 09:48:16AM -0400, Gene Heskett wrote:
> >
> > [...]
> >
> > > -I Process a binary file as if it did not contain matching data;
> > > this is equivalent to the --binary-files=without-match option.
> > >
> > > Sure, thats supposed to tell me it will shut that #)^(&^$ noise off?
> >
> > [swahili]
> >
> > Let me respond in a similarly snarky way, will you?
> >
> > This option says "assume a binary file doesn't match in the first
> > place. Don't even check".
> 
> Izzat what that says?  Why then does it not just say so?

Please go back and digest the quote I snipped for you (for the long
option). Here a more focused snipped from that:

   --binary-files=TYPE
          If the first few bytes of a file indicate that the file
          contains binary data [...] By default, TYPE is binary,
          and grep normally outputs either a one-line message saying
          that a binary file matches [...]
          If TYPE is without-match, grep assumes that a binary file
          does not match [...]

My English module masters this (and it is pretty old too. Moreover, it
was a cheap second-hand one, labelled "for foreigners" ;-)

Hey, the doc even contains the trigger phrase "binary file matches",
which is how I found the spot in the docs.

> My english reading module is fine.  Out of date maybe, but hey, so is the 
> 60 lb Websters Dictionary we had in school in about 1942. They also 
> taught phonics back then, something the manpage writer may not have 
> taken since they quit teaching it in 1946 or so.

:-)

Cheers
-- t



Re: Free TCP/IP port numbers?

2017-10-01 Thread Reco
Hi.

On Sun, Oct 01, 2017 at 10:45:53AM -0400, Gene Heskett wrote:
> On Sunday 01 October 2017 10:11:48 to...@tuxteam.de wrote:
> 
> > On Sun, Oct 01, 2017 at 09:48:16AM -0400, Gene Heskett wrote:
> >
> > [...]
> >
> > > -I Process a binary file as if it did not contain matching data;
> > > this is equivalent to the --binary-files=without-match option.
> > >
> > > Sure, thats supposed to tell me it will shut that #)^(&^$ noise off?
> >
> > [swahili]
> >
> > Let me respond in a similarly snarky way, will you?
> >
> > This option says "assume a binary file doesn't match in the first
> > place. Don't even check".
> 
> Izzat what that says?  Why then does it not just say so?

Patches are welcome. File a bug against "grep" package, make a world a
better place.

Reco



Re: Free TCP/IP port numbers?

2017-10-01 Thread Gene Heskett
On Sunday 01 October 2017 10:11:48 to...@tuxteam.de wrote:

> On Sun, Oct 01, 2017 at 09:48:16AM -0400, Gene Heskett wrote:
>
> [...]
>
> > -I Process a binary file as if it did not contain matching data;
> > this is equivalent to the --binary-files=without-match option.
> >
> > Sure, thats supposed to tell me it will shut that #)^(&^$ noise off?
>
> [swahili]
>
> Let me respond in a similarly snarky way, will you?
>
> This option says "assume a binary file doesn't match in the first
> place. Don't even check".

Izzat what that says?  Why then does it not just say so?

> As a consequence, it seems sensible to 
> expect the warnings to go away.
>
> Perhaps your English reading module needs an update? (The writing
> module seems fine to me).
>
My english reading module is fine.  Out of date maybe, but hey, so is the 
60 lb Websters Dictionary we had in school in about 1942. They also 
taught phonics back then, something the manpage writer may not have 
taken since they quit teaching it in 1946 or so.
> ;-P
>
> Cheers
> -- tomás


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Free TCP/IP port numbers?

2017-10-01 Thread tomas

On Sun, Oct 01, 2017 at 09:48:16AM -0400, Gene Heskett wrote:

[...]

> -I Process a binary file as if it did not contain matching data; this 
> is equivalent to the --binary-files=without-match option.
> 
> Sure, thats supposed to tell me it will shut that #)^(&^$ noise off?

[swahili]

Let me respond in a similarly snarky way, will you?

This option says "assume a binary file doesn't match in the first place.
Don't even check". As a consequence, it seems sensible to expect the
warnings to go away.

Perhaps your English reading module needs an update? (The writing module
seems fine to me).

;-P

Cheers
-- tomás



Re: Free TCP/IP port numbers?

2017-10-01 Thread Gene Heskett
On Sunday 01 October 2017 08:13:00 Reco wrote:

>   Hi.
>
> On Sun, Oct 01, 2017 at 07:43:47AM -0400, Gene Heskett wrote:
> > On Sunday 01 October 2017 03:34:19 to...@tuxteam.de wrote:
> > > On Sun, Oct 01, 2017 at 01:28:39AM -0400, Gene Heskett wrote:
> > >
> > > [...]
> > >
> > > > > > Assuring that my port is not in this IANA list is not enough
> > > > > > to ensure that my port number will not clash with a port
> > > > > > number used by a Debian package (by default).
> > > > > >
> > > > > > So your answer to my question is wrong.
> > > >
> > > > In which case debian should publish the unlisted ports they do
> > > > use, if for no other reason than to "stake a claim".
> > >
> > > "Debian" "should". Gene, you "should" know better ;-)
> > >
> > > Want to start with it? Write a script which scans the /etc files
> > > in all Debian packages for network configurations.
> >
> > That might be possible IF you wanted to use a tool like grep, but in
> > 30 years I've not found a way to silence the "binary file matches"
> > messages from grep.
>
> You haven't looked hard enough. It's "grep -I".
> Those manpages, sometimes reading them works wonders.
>
> Reco

-I Process a binary file as if it did not contain matching data; this 
is equivalent to the --binary-files=without-match option.

Sure, thats supposed to tell me it will shut that #)^(&^$ noise off? I've 
been reading english for about 79 years now. That my friend is Swahili, 
and I don't make a milligram of sense out of THAT.  Sure, it looks like 
english, even reads in common popular english words, but What the hell 
does it mean?  It doesn't say a thing about turning off the unwanted 
noise.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Free TCP/IP port numbers?

2017-10-01 Thread Michael Stone

On Sun, Oct 01, 2017 at 03:44:45PM +0300, Victor Porton wrote:

> I received no satisfactory answer.
>
> So I feel that there is no Debian policy on using port numbers.
>
> This policy should be added to Debian!
>
> It may be something like: "Debian packages (with default configuration) are
> allowed to bind ports 1-1. Ports 10001-32000 are available for users."


It isn't really possible to do this, because of the need to interoperate 
with other systems. IANA may assign ports in the range 0 through 49151. 
Currently Debian/Linux uses 32768 through 60999 for ephemeral ports. 
(Note the overlap there!) You can try using 61001 through 65534 as 
a range that's fairly unlikely to be assigned to anything, assuming 
nobody changes net.ipv4.ip_local_port_range, and with the knowledge that 
using such a range could cause interoperability problems if some of the 
servers use other operating systems (that might use that range for 
ephemeral ports).


Mike Stone



Re: Free TCP/IP port numbers?

2017-10-01 Thread tomas

On Sun, Oct 01, 2017 at 03:44:45PM +0300, Victor Porton wrote:
> Victor Porton wrote:
> 
> > We are going to install a range of software on a Debian Linux
> > installation. Because we run the same software (such as Celery) several
> > times, we need to use port numbers different than the standard Debian port
> > numbers chosen by default (because we can't run more than one instance of
> > a server with the same port, and thus using the standard port number for
> > all servers would fail).
> > 
> > How to choose TCP/IP port numbers for server software we run in such a way
> > that they don't clash with "standard" Debian port numbers?
> > 
> > In Debian are there any ranges of port numbers dedicated (so that they
> > wouldn't clash with "standard" that is used by default port numbers) for
> > servers configured by users?
> > 
> > Note that we run (at least some of) our software not as root, so we can't
> > use ports below 1024.
> 
> I received no satisfactory answer.
> 
> So I feel that there is no Debian policy on using port numbers.
> 
> This policy should be added to Debian!

I don't think so. I don't even think there is a policy which could ever
cater to the ~50K packages present in Debian.

Cheers
-- t



Re: Free TCP/IP port numbers?

2017-10-01 Thread tomas

On Sun, Oct 01, 2017 at 03:13:00PM +0300, Reco wrote:
>   Hi.

[...]

> You haven't looked hard enough. It's "grep -I".
> Those manpages, sometimes reading them works wonders.

Messages crossed. Great minds think alike ;-)

Cheers
-- t



Re: Free TCP/IP port numbers?

2017-10-01 Thread Victor Porton
Victor Porton wrote:

> We are going to install a range of software on a Debian Linux
> installation. Because we run the same software (such as Celery) several
> times, we need to use port numbers different than the standard Debian port
> numbers chosen by default (because we can't run more than one instance of
> a server with the same port, and thus using the standard port number for
> all servers would fail).
> 
> How to choose TCP/IP port numbers for server software we run in such a way
> that they don't clash with "standard" Debian port numbers?
> 
> In Debian are there any ranges of port numbers dedicated (so that they
> wouldn't clash with "standard" that is used by default port numbers) for
> servers configured by users?
> 
> Note that we run (at least some of) our software not as root, so we can't
> use ports below 1024.

I received no satisfactory answer.

So I feel that there is no Debian policy on using port numbers.

This policy should be added to Debian!

It may be something like: "Debian packages (with default configuration) are 
allowed to bind ports 1-1. Ports 10001-32000 are available for users."

Please discuss.

-- 
Victor Porton - http://portonvictor.org



Re: Free TCP/IP port numbers?

2017-10-01 Thread tomas

On Sun, Oct 01, 2017 at 07:43:47AM -0400, Gene Heskett wrote:
> On Sunday 01 October 2017 03:34:19 to...@tuxteam.de wrote:
> 
> > On Sun, Oct 01, 2017 at 01:28:39AM -0400, Gene Heskett wrote:
> >
> > [...]
> >
> > > > > Assuring that my port is not in this IANA list is not enough to
> > > > > ensure that my port number will not clash with a port number
> > > > > used by a Debian package (by default).
> > > > >
> > > > > So your answer to my question is wrong.
> > >
> > > In which case debian should publish the unlisted ports they do use,
> > > if for no other reason than to "stake a claim".
> >
> > "Debian" "should". Gene, you "should" know better ;-)
> >
> > Want to start with it? Write a script which scans the /etc files in
> > all Debian packages for network configurations.
> >
> That might be possible IF you wanted to use a tool like grep, but in 30 
> years I've not found a way to silence the "binary file matches" messages 
> from grep. That apparently un-muffle-able noise without chaining two or 
> more invocations of grep makes it worthless for 95% of the searches I 
> might do. The best I can do finds 460 instances of " port " in my 
> own /etc tree, but from looking at that output, less than 100 actually 
> assign a number, most use the output of some other function to assign 
> the port.

Out of grep's fine manual:

   --binary-files=TYPE
          If the first few bytes of a file indicate that the
          file contains binary data, assume that the file is
          of type TYPE.  By default, TYPE is binary, and grep
          normally outputs either a one-line message saying
          that a binary file matches, or no message if there is
          no match.  If TYPE is without-match, grep assumes that
          a binary file does not match; this is equivalent to
          the -I option.  If TYPE is text, grep processes
          a binary file as if it were text; this is equivalent
          to the -a option.  Warning: grep --binary-files=text
          might output binary garbage, which can have nasty side
          effects if the output is a terminal and if the terminal
          driver interprets some of it as commands.

So I'd try --binary-file=without-match (or its shorter cousin -I).

> So opening up every deb in /var/cache/apt/archives to search thru each 
> ones /etc files might take this machine a week or more, and you would 
> still have less than 25% of the numerical values. One things for sure, 
> it would take a more imaginative approach than mine because so much of 
> it appears to be dynamic assignments. One would have to emulate how each 
> goes about it, and then its only valid for that machine at that box of 
> time, however long it took.
> 
> However, since it seems so much of that is dynamic, one could possibly 
> use the dynamic method to find a currently unused server port when the 
> client requests a connection, and the client can check the number 
> assigned against its own list of ports, and accept or reject, wash rinse 
> repeat until one is usable by both.  Correctly done, I see at least 
> 20,000 possibilities in the /etc/services list. The OP just needs to 
> find a coder who can write such a critter.

Problem is, there are several such "dynamic" approaches. The older one
is Sun RPC's portmapper, which does have its downsides.

So my advice would be "relax". If there's a sysadmin around, just make
debugging of a clash easier, if not, look into all of those container/
orchestration frameworks, which have to tackle the problem more
systematically.

Cheers
-- tomás



Re: Free TCP/IP port numbers?

2017-10-01 Thread Reco
Hi.

On Sun, Oct 01, 2017 at 07:43:47AM -0400, Gene Heskett wrote:
> On Sunday 01 October 2017 03:34:19 to...@tuxteam.de wrote:
> 
> > On Sun, Oct 01, 2017 at 01:28:39AM -0400, Gene Heskett wrote:
> >
> > [...]
> >
> > > > > Assuring that my port is not in this IANA list is not enough to
> > > > > ensure that my port number will not clash with a port number
> > > > > used by a Debian package (by default).
> > > > >
> > > > > So your answer to my question is wrong.
> > >
> > > In which case debian should publish the unlisted ports they do use,
> > > if for no other reason than to "stake a claim".
> >
> > "Debian" "should". Gene, you "should" know better ;-)
> >
> > Want to start with it? Write a script which scans the /etc files in
> > all Debian packages for network configurations.
> >
> That might be possible IF you wanted to use a tool like grep, but in 30 
> years I've not found a way to silence the "binary file matches" messages 
> from grep.

You haven't looked hard enough. It's "grep -I".
Those manpages, sometimes reading them works wonders.

Reco



Re: Free TCP/IP port numbers?

2017-10-01 Thread Gene Heskett
On Sunday 01 October 2017 03:34:19 to...@tuxteam.de wrote:

> On Sun, Oct 01, 2017 at 01:28:39AM -0400, Gene Heskett wrote:
>
> [...]
>
> > > > Assuring that my port is not in this IANA list is not enough to
> > > > ensure that my port number will not clash with a port number
> > > > used by a Debian package (by default).
> > > >
> > > > So your answer to my question is wrong.
> >
> > In which case debian should publish the unlisted ports they do use,
> > if for no other reason than to "stake a claim".
>
> "Debian" "should". Gene, you "should" know better ;-)
>
> Want to start with it? Write a script which scans the /etc files in
> all Debian packages for network configurations.
>
That might be possible IF you wanted to use a tool like grep, but in 30 
years I've not found a way to silence the "binary file matches" messages 
from grep. That apparently un-muffle-able noise without chaining two or 
more invocations of grep makes it worthless for 95% of the searches I 
might do. The best I can do finds 460 instances of " port " in my 
own /etc tree, but from looking at that output, less than 100 actually 
assign a number, most use the output of some other function to assign 
the port.

So opening up every deb in /var/cache/apt/archives to search thru each 
ones /etc files might take this machine a week or more, and you would 
still have less than 25% of the numerical values. One things for sure, 
it would take a more imaginative approach than mine because so much of 
it appears to be dynamic assignments. One would have to emulate how each 
goes about it, and then its only valid for that machine at that box of 
time, however long it took.

However, since it seems so much of that is dynamic, one could possibly 
use the dynamic method to find a currently unused server port when the 
client requests a connection, and the client can check the number 
assigned against its own list of ports, and accept or reject, wash rinse 
repeat until one is usable by both.  Correctly done, I see at least 
20,000 possibilities in the /etc/services list. The OP just needs to 
find a coder who can write such a critter.

Sometimes necessity IS the mother of invention. If I am reading between 
the lines with sufficient clairvoyance, he wants another level of 
isolation to prevent data cross leakage between clients while all the 
traffic is on one switch per floor or some such a cable build. 

> What else have folks forgotten here?
>
>  - dynamic port assignments (X, rpc/portmapper: the last is known for
>having conflicted with CUPS in some distant past).
>
>  - semi-dynamic things (e.g. Debian's way to migrate PostgreSQL)
>
> Unfortunately, there's no "perfect" solution for the OP's problem
> (among other things because there are other people having the same
> problem and solving it the same way).
>
> My advice: start with /etc/services. Find a suitable "hole", far away
> from others (note that typical "dynamic" or "semi-dynamic" assignments
> tend to cluster around canonical values, e.g. PostgreSQL: 5432, 5433,
> 5434...). Plan for collisions (this might be something as complicated
> as re-trying ports until success plus some "registry" to look up where
> things ended or something as simple as "notify the sysadmin", lest she
> spends a night debugging the bugger).
>
> Cheers
> -- tomás


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Free TCP/IP port numbers?

2017-10-01 Thread deloptes
Victor Porton wrote:

> We are going to install a range of software on a Debian Linux
> installation. Because we run the same software (such as Celery) several
> times, we need to use port numbers different than the standard Debian port
> numbers chosen by default (because we can't run more than one instance of
> a server with the same port, and thus using the standard port number for
> all servers would fail).
> 
> How to choose TCP/IP port numbers for server software we run in such a way
> that they don't clash with "standard" Debian port numbers?
> 
> In Debian are there any ranges of port numbers dedicated (so that they
> wouldn't clash with "standard" that is used by default port numbers) for
> servers configured by users?
> 
> Note that we run (at least some of) our software not as root, so we can't
> use ports below 1024.

It is your machine, so the question is, is this machine dedicated to
specific service, or you intend to install some other application later.

I usually take the ports that I want - you don't need to ask for permission
to do so.

I prefer using 8000 - 3 range for servers and from 30001 - 61000 for
client communication.

You can reserve this range for yourself on the machine

# sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768	60999

This way all client communication will use this range and you can configure
the servers to use the range 8000 - 32000

Forget the crap service list - just take into account what apps you are
running

regards




Re: Free TCP/IP port numbers?

2017-10-01 Thread tomas

On Sun, Oct 01, 2017 at 09:34:19AM +0200, to...@tuxteam.de wrote:

[...]

> My advice [...]

Needless to say, I'd go with "simple", unless there's a very strong
reason against it. "Complex" is re-implementing the portmapper. Or
all those other orchestration thingies the "brave new container world"
has come up with. Perhaps you might want to have a look at what container
folks are doing.

Cheers
-- t



Re: Free TCP/IP port numbers?

2017-10-01 Thread tomas

On Sun, Oct 01, 2017 at 01:28:39AM -0400, Gene Heskett wrote:

[...]

> > > Assuring that my port is not in this IANA list is not enough to
> > > ensure that my port number will not clash with a port number used by
> > > a Debian package (by default).
> > >
> > > So your answer to my question is wrong.
> > >
> In which case Debian should publish the unlisted ports they do use, if
> for no other reason than to "stake a claim".

"Debian" "should". Gene, you "should" know better ;-)

Want to start with it? Write a script which scans the /etc files in all
Debian packages for network configurations.

What else have folks forgotten here?

 - dynamic port assignments (X, rpc/portmapper: the last is known for
   having conflicted with CUPS in some distant past).

 - semi-dynamic things (e.g. Debian's way to migrate PostgreSQL)

Unfortunately, there's no "perfect" solution for the OP's problem (among
other things because there are other people having the same problem and
solving it the same way).

My advice: start with /etc/services. Find a suitable "hole", far away
from others (note that typical "dynamic" or "semi-dynamic" assignments
tend to cluster around canonical values, e.g. PostgreSQL: 5432, 5433,
5434...). Plan for collisions (this might be something as complicated
as re-trying ports until success plus some "registry" to look up where
things ended or something as simple as "notify the sysadmin", lest she
spends a night debugging the bugger).

Cheers
-- tomás
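
An added example, not part of any message in this thread: it combines the two suggestions above (keep server ports out of the kernel's client range, and look for a "hole" in /etc/services while planning for collisions). The function names are hypothetical, the services text is a constructed sample, and the default ephemeral range is the `sysctl` output quoted earlier in the thread.

```python
import socket

# Constructed sample in /etc/services format (not copied from a real system).
SAMPLE_SERVICES = """\
http-alt        8080/tcp    webcache
postgresql      5432/tcp    postgres   # PostgreSQL
git             9418/tcp
zabbix-agent    10050/tcp
zabbix-trapper  10051/tcp
amanda          10080/tcp
bad line without a port
nbd             10809/tcp
"""

def assigned_ports(services_text, proto="tcp"):
    """Return the set of ports an /etc/services-style text assigns for proto."""
    ports = set()
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue  # comment, blank or malformed line
        port, _, line_proto = fields[1].partition("/")
        if line_proto == proto and port.isdigit():
            ports.add(int(port))
    return ports

def widest_hole(taken, low, high, ephemeral=(32768, 60999)):
    """Return (start, end) of the widest free run in [low, high], or None."""
    best, start = None, None
    for port in range(low, high + 2):  # high + 1 acts as a closing sentinel
        free = (port <= high and port not in taken
                and not ephemeral[0] <= port <= ephemeral[1])
        if free and start is None:
            start = port
        elif not free and start is not None:
            if best is None or port - start > best[1] - best[0] + 1:
                best = (start, port - 1)
            start = None
    return best

def bind_first_free(candidates, host="127.0.0.1"):
    """Try candidate ports in order; return (socket, port) for the first bind."""
    for port in candidates:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
            return sock, port
        except OSError:
            sock.close()  # in use or not permitted: try the next candidate
    raise RuntimeError("no candidate port could be bound; notify the sysadmin")
```

Picking a port near the middle of the returned hole keeps it away from assignments that cluster around canonical values such as 5432, 5433, 5434.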



Re: Free TCP/IP port numbers?

2017-09-30 Thread Gene Heskett
On Saturday 30 September 2017 22:28:45 Alexander V. Makartsev wrote:

> Ok, I will not waste my time to argue over obvious things.
> You won't get ports more "default" than from this list. Protocols,
> ports and service names are registered for a reason.
> Ex: If you install MySQL server it will be configured to listen on
> port 3306\tcp by default on any OS, be it Debian, RHEL, or Windows.
>
That's a bit of a stiff attitude.  If his network is an isolated private
network, there isn't any port police going to come and rip it up or 
prosecute for reconfiguring that install to use any of the ports that 
aren't in the services list. In fact I'd recommend that none of them run 
as root on a day to day basis.

> On 01.10.2017 06:40, Victor Porton wrote:
> > Alexander V. Makartsev wrote:
> >> There is an official list of all registered port numbers:
> >> https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
> >>
> >> You can choose any port that is not in the list, to be sure they
> >> won't clash.
> >
> > The list of port numbers you pointed to me is a subset (or at least
> > not a superset) of the full list used by Debian packages.
> >
> > Assuring that my port is not in this IANA list is not enough to
> > ensure that my port number will not clash with a port number used by
> > a Debian package (by default).
> >
> > So your answer to my question is wrong.
> >
In which case Debian should publish the unlisted ports they do use, if
for no other reason than to "stake a claim".

> >> On 01.10.2017 06:04, Victor Porton wrote:
> >>> We are going to install a range of software on a Debian Linux
> >>> installation. Because we run the same software (such as Celery)
> >>> several times, we need to use port numbers different than the
> >>> standard Debian port numbers chosen by default (because we can't
> >>> run more than one instance of a server with the same port, and
> >>> thus using the standard port number for all servers would fail).
> >>>
> >>> How to choose TCP/IP port numbers for server software we run in
> >>> such a way that they don't clash with "standard" Debian port
> >>> numbers?
> >>>
> >>> In Debian are there any ranges of port numbers dedicated (so that
> >>> they wouldn't clash with "standard" that is used by default port
> >>> numbers) for servers configured by users?
> >>>
> >>> Note that we run (at least some of) our software not as root, so
> >>> we can't use ports below 1024.


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 



Re: Free TCP/IP port numbers?

2017-09-30 Thread shawn wilson
The answer is correct - IANA maintains the list of ports. You may also look
at the services file nmap maintains or ask Shodan what it's seen publicly
if you want a public popularity contest of ports.

As it is, I'm pretty sure you're over-engineering this. Have a config file
that has a port range option and be done with it. Also, you didn't mention
needing <1024 so pick a port and be done with it (what everyone else does).

Lastly, certain ports are so old, their intended services shouldn't be
online anymore (see the first 20 ports or 90-110 - off the top of my head -
not sitting here and going through them) or if the service probably won't
be used in ICS or on a box designed to be an internet backbone, use one of
those.

On Sep 30, 2017 21:50, "Victor Porton"  wrote:

> Alexander V. Makartsev wrote:
>
> > There is an official list of all registered port numbers:
> > https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
> >
> > You can choose any port that is not in the list, to be sure they won't
> > clash.
>
> The list of port numbers you pointed to me is a subset (or at least not a
> superset) of the full list used by Debian packages.
>
> Assuring that my port is not in this IANA list is not enough to ensure that
> my port number will not clash with a port number used by a Debian package
> (by default).
>
> So your answer to my question is wrong.
>
> > On 01.10.2017 06:04, Victor Porton wrote:
> >> We are going to install a range of software on a Debian Linux
> >> installation. Because we run the same software (such as Celery) several
> >> times, we need to use port numbers different than the standard Debian
> >> port numbers chosen by default (because we can't run more than one
> >> instance of a server with the same port, and thus using the standard port
> >> number for all servers would fail).
> >>
> >> How to choose TCP/IP port numbers for server software we run in such a
> >> way that they don't clash with "standard" Debian port numbers?
> >>
> >> In Debian are there any ranges of port numbers dedicated (so that they
> >> wouldn't clash with "standard" that is used by default port numbers) for
> >> servers configured by users?
> >>
> >> Note that we run (at least some of) our software not as root, so we can't
> >> use ports below 1024.
>
> --
> Victor Porton - http://portonvictor.org
>
>


Re: Free TCP/IP port numbers?

2017-09-30 Thread Alexander V. Makartsev
Ok, I will not waste my time to argue over obvious things.
You won't get ports more "default" than from this list. Protocols, ports
and service names are registered for a reason.
Ex: If you install MySQL server it will be configured to listen on port
3306\tcp by default on any OS, be it Debian, RHEL, or Windows.



On 01.10.2017 06:40, Victor Porton wrote:
> Alexander V. Makartsev wrote:
>
>> There is an official list of all registered port numbers:
>> https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
>>
>> You can choose any port that is not in the list, to be sure they won't
>> clash.
> The list of port numbers you pointed to me is a subset (or at least not a 
> superset) of the full list used by Debian packages.
>
> Assuring that my port is not in this IANA list is not enough to ensure that 
> my port number will not clash with a port number used by a Debian package 
> (by default).
>
> So your answer to my question is wrong.
>
>> On 01.10.2017 06:04, Victor Porton wrote:
>>> We are going to install a range of software on a Debian Linux
>>> installation. Because we run the same software (such as Celery) several
>>> times, we need to use port numbers different than the standard Debian
>>> port numbers chosen by default (because we can't run more than one
>>> instance of a server with the same port, and thus using the standard port
>>> number for all servers would fail).
>>>
>>> How to choose TCP/IP port numbers for server software we run in such a
>>> way that they don't clash with "standard" Debian port numbers?
>>>
>>> In Debian are there any ranges of port numbers dedicated (so that they
>>> wouldn't clash with "standard" that is used by default port numbers) for
>>> servers configured by users?
>>>
>>> Note that we run (at least some of) our software not as root, so we can't
>>> use ports below 1024.



Re: Free TCP/IP port numbers?

2017-09-30 Thread Victor Porton
Alexander V. Makartsev wrote:

> There is an official list of all registered port numbers:
> https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
> 
> You can choose any port that is not in the list, to be sure they won't
> clash.

The list of port numbers you pointed to me is a subset (or at least not a 
superset) of the full list used by Debian packages.

Assuring that my port is not in this IANA list is not enough to ensure that 
my port number will not clash with a port number used by a Debian package 
(by default).

So your answer to my question is wrong.

> On 01.10.2017 06:04, Victor Porton wrote:
>> We are going to install a range of software on a Debian Linux
>> installation. Because we run the same software (such as Celery) several
>> times, we need to use port numbers different than the standard Debian
>> port numbers chosen by default (because we can't run more than one
>> instance of a server with the same port, and thus using the standard port
>> number for all servers would fail).
>>
>> How to choose TCP/IP port numbers for server software we run in such a
>> way that they don't clash with "standard" Debian port numbers?
>>
>> In Debian are there any ranges of port numbers dedicated (so that they
>> wouldn't clash with "standard" that is used by default port numbers) for
>> servers configured by users?
>>
>> Note that we run (at least some of) our software not as root, so we can't
>> use ports below 1024.

-- 
Victor Porton - http://portonvictor.org



Re: Free TCP/IP port numbers?

2017-09-30 Thread Alexander V. Makartsev
There is an official list of all registered port numbers:
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt

You can choose any port that is not in the list, to be sure they won't
clash.


On 01.10.2017 06:04, Victor Porton wrote:
> We are going to install a range of software on a Debian Linux installation. 
> Because we run the same software (such as Celery) several times, we need to 
> use port numbers different than the standard Debian port numbers chosen by 
> default (because we can't run more than one instance of a server with the 
> same port, and thus using the standard port number for all servers would 
> fail).
>
> How to choose TCP/IP port numbers for server software we run in such a way 
> that they don't clash with "standard" Debian port numbers?
>
> In Debian are there any ranges of port numbers dedicated (so that they 
> wouldn't clash with "standard" that is used by default port numbers) for 
> servers configured by users?
>
> Note that we run (at least some of) our software not as root, so we can't 
> use ports below 1024.
>