Re: haproxy listening on lots of UDP ports

2022-08-05 Thread John Lauro
Not positive it's the only use case, but I have a number of UDP ports also
open, so I ran tcpdump on them and they are all talking to syslog. It seems to
line up at about 1 per CPU on a couple of machines I checked.

On Fri, Aug 5, 2022 at 7:19 PM Shawn Heisey wrote:

> I am running haproxy in a couple of places.  It is listening on multiple
> seemingly random high UDP ports.
>
> The one running "2.6.2-ce3023-30 2022/08/03" has the following ports.
> This server is in AWS.  The first three lines are expected:
>
> elyograg@bilbo:/var/log$ sudo lsof -Pn -i | grep haproxy
> haproxy   1928967    root    6u  IPv4 2585012  0t0 UDP *:443
> haproxy   1928967    root    7u  IPv4 2585013  0t0 TCP *:80 (LISTEN)
> haproxy   1928967    root    8u  IPv4 2585014  0t0 TCP *:443 (LISTEN)
> haproxy   1928967    root   16u  IPv4 2587974  0t0 UDP *:57183
> haproxy   1928967    root   17u  IPv4 2585855  0t0 UDP *:60746
>
> The one running "2.7-dev2-f9d4a7-78 2022/08/05" is in my basement and
> has the following ports.  The first four lines are expected.  There are
> a lot more UDP ports active on this one.
>
> elyograg@smeagol:~/git/lucene-solr$ sudo lsof -Pn -i | grep haproxy
> haproxy   1469717  root    6u  IPv4 14230127 0t0  UDP 192.168.217.170:443
> haproxy   1469717  root    7u  IPv4 14230128 0t0  TCP *:8983 (LISTEN)
> haproxy   1469717  root    8u  IPv4 14230129 0t0  TCP *:80 (LISTEN)
> haproxy   1469717  root    9u  IPv4 14230130 0t0  TCP *:443 (LISTEN)
> haproxy   1469717  root   46u  IPv4 14242826 0t0  UDP *:45727
> haproxy   1469717  root   47u  IPv4 14212730 0t0  UDP *:40101
> haproxy   1469717  root   49u  IPv4 14209917 0t0  UDP *:34584
> haproxy   1469717  root   50u  IPv4 14212920 0t0  UDP *:55409
> haproxy   1469717  root   51u  IPv4 14209875 0t0  UDP *:46192
> haproxy   1469717  root   52u  IPv4 14229139 0t0  UDP *:36370
> haproxy   1469717  root   53u  IPv4 14209916 0t0  UDP *:50898
> haproxy   1469717  root   55u  IPv4 14242839 0t0  UDP *:45456
> haproxy   1469717  root   56u  IPv4 14242890 0t0  UDP *:37717
> haproxy   1469717  root   57u  IPv4 14240387 0t0  UDP *:45547
> haproxy   1469717  root   58u  IPv4 14240302 0t0  UDP *:33960
> haproxy   1469717  root   60u  IPv4 14240885 0t0  UDP *:42145
>
> These extra ports are not exposed to the world.  The external firewalls
> are locked down pretty well.  And the hosts also have firewalls (ufw)
> that are similarly restricted.
>
> What are these ports for?  They are not in the haproxy config files.  I
> did try searching for an explanation, and didn't find anything.
>
> Thanks,
> Shawn


haproxy listening on lots of UDP ports

2022-08-05 Thread Shawn Heisey
I am running haproxy in a couple of places.  It is listening on multiple 
seemingly random high UDP ports.


The one running "2.6.2-ce3023-30 2022/08/03" has the following ports.  
This server is in AWS.  The first three lines are expected:


elyograg@bilbo:/var/log$ sudo lsof -Pn -i | grep haproxy
haproxy   1928967    root    6u  IPv4 2585012  0t0 UDP *:443
haproxy   1928967    root    7u  IPv4 2585013  0t0 TCP *:80 (LISTEN)
haproxy   1928967    root    8u  IPv4 2585014  0t0 TCP *:443 (LISTEN)
haproxy   1928967    root   16u  IPv4 2587974  0t0 UDP *:57183
haproxy   1928967    root   17u  IPv4 2585855  0t0 UDP *:60746

The one running "2.7-dev2-f9d4a7-78 2022/08/05" is in my basement and 
has the following ports.  The first four lines are expected.  There are 
a lot more UDP ports active on this one.


elyograg@smeagol:~/git/lucene-solr$ sudo lsof -Pn -i | grep haproxy
haproxy   1469717  root    6u  IPv4 14230127 0t0  UDP 192.168.217.170:443
haproxy   1469717  root    7u  IPv4 14230128 0t0  TCP *:8983 (LISTEN)
haproxy   1469717  root    8u  IPv4 14230129 0t0  TCP *:80 (LISTEN)
haproxy   1469717  root    9u  IPv4 14230130 0t0  TCP *:443 (LISTEN)
haproxy   1469717  root   46u  IPv4 14242826 0t0  UDP *:45727
haproxy   1469717  root   47u  IPv4 14212730 0t0  UDP *:40101
haproxy   1469717  root   49u  IPv4 14209917 0t0  UDP *:34584
haproxy   1469717  root   50u  IPv4 14212920 0t0  UDP *:55409
haproxy   1469717  root   51u  IPv4 14209875 0t0  UDP *:46192
haproxy   1469717  root   52u  IPv4 14229139 0t0  UDP *:36370
haproxy   1469717  root   53u  IPv4 14209916 0t0  UDP *:50898
haproxy   1469717  root   55u  IPv4 14242839 0t0  UDP *:45456
haproxy   1469717  root   56u  IPv4 14242890 0t0  UDP *:37717
haproxy   1469717  root   57u  IPv4 14240387 0t0  UDP *:45547
haproxy   1469717  root   58u  IPv4 14240302 0t0  UDP *:33960
haproxy   1469717  root   60u  IPv4 14240885 0t0  UDP *:42145

These extra ports are not exposed to the world.  The external firewalls 
are locked down pretty well.  And the hosts also have firewalls (ufw) 
that are similarly restricted.


What are these ports for?  They are not in the haproxy config files.  I 
did try searching for an explanation, and didn't find anything.


Thanks,
Shawn
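
An added example, not part of either message and not haproxy code: it parses `lsof -Pn -i` rows like those in this thread, subtracts the sockets the configuration accounts for, and builds a tcpdump filter for the remaining UDP ports so their traffic can be inspected. The function names and the `configured` set are assumptions made for the illustration.

```python
import re

# Rows copied from the first lsof listing in the thread, one socket per line.
SAMPLE = """\
haproxy   1928967    root    6u  IPv4 2585012  0t0 UDP *:443
haproxy   1928967    root    7u  IPv4 2585013  0t0 TCP *:80 (LISTEN)
haproxy   1928967    root    8u  IPv4 2585014  0t0 TCP *:443 (LISTEN)
haproxy   1928967    root   16u  IPv4 2587974  0t0 UDP *:57183
haproxy   1928967    root   17u  IPv4 2585855  0t0 UDP *:60746
"""

# Columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]
ROW = re.compile(
    r"^\S+\s+(?P<pid>\d+)\s+\S+\s+(?P<fd>\d+)[a-zA-Z]*\s+IPv[46]\s+\S+\s+\S+\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<name>\S+)(?:\s+\((?P<state>\w+)\))?\s*$"
)

def parse_lsof(text):
    """Return one dict per socket row; header and non-socket rows are skipped."""
    sockets = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        local, _, peer = m["name"].partition("->")
        port = local.rsplit(":", 1)[-1]
        if not port.isdigit():          # "*:*" means the socket has no local port yet
            continue
        sockets.append({"pid": int(m["pid"]), "fd": int(m["fd"]), "proto": m["proto"],
                        "port": int(port), "peer": peer or None, "state": m["state"]})
    return sockets

def unexplained(sockets, configured):
    """(proto, port) pairs the process holds that no configured bind accounts for."""
    held = {(s["proto"], s["port"]) for s in sockets}
    return sorted(held - set(configured))

def capture_filter(pairs):
    """pcap filter for the unexplained UDP ports, or None when there are none."""
    ports = [str(port) for proto, port in pairs if proto == "UDP"]
    return "udp and (" + " or ".join("port " + p for p in ports) + ")" if ports else None

if __name__ == "__main__":
    # Assumption: these pairs are what the operator's bind lines declare.
    configured = {("UDP", 443), ("TCP", 80), ("TCP", 443)}
    extra = unexplained(parse_lsof(SAMPLE), configured)
    print(extra)
    print(capture_filter(extra))
```

The returned filter string can be passed to tcpdump as its capture expression to see which peers the extra sockets exchange packets with.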