I'm not positive this is the only use case, but I also have a number of UDP
ports open, so I ran tcpdump on them and they are all talking to syslog. It
seems to line up at about 1 per CPU on a couple of machines I checked.

On Fri, Aug 5, 2022 at 7:19 PM Shawn Heisey wrote:
> I am running haproxy in a couple of places. It is listening on multiple
> seemingly random high UDP ports.
>
> The one running "2.6.2-ce3023-30 2022/08/03" has the following ports.
> This server is in AWS. The first three lines are expected:
>
> elyograg@bilbo:/var/log$ sudo lsof -Pn -i | grep haproxy
> haproxy 1928967 root 6u IPv4 2585012 0t0 UDP *:443
> haproxy 1928967 root 7u IPv4 2585013 0t0 TCP *:80 (LISTEN)
> haproxy 1928967 root 8u IPv4 2585014 0t0 TCP *:443 (LISTEN)
> haproxy 1928967 root 16u IPv4 2587974 0t0 UDP *:57183
> haproxy 1928967 root 17u IPv4 2585855 0t0 UDP *:60746
>
> The one running "2.7-dev2-f9d4a7-78 2022/08/05" is in my basement and
> has the following ports. The first four lines are expected. There are
> a lot more UDP ports active on this one.
>
> elyograg@smeagol:~/git/lucene-solr$ sudo lsof -Pn -i | grep haproxy
> haproxy 1469717 root 6u IPv4 14230127 0t0 UDP 192.168.217.170:443
> haproxy 1469717 root 7u IPv4 14230128 0t0 TCP *:8983 (LISTEN)
> haproxy 1469717 root 8u IPv4 14230129 0t0 TCP *:80 (LISTEN)
> haproxy 1469717 root 9u IPv4 14230130 0t0 TCP *:443 (LISTEN)
> haproxy 1469717 root 46u IPv4 14242826 0t0 UDP *:45727
> haproxy 1469717 root 47u IPv4 14212730 0t0 UDP *:40101
> haproxy 1469717 root 49u IPv4 14209917 0t0 UDP *:34584
> haproxy 1469717 root 50u IPv4 14212920 0t0 UDP *:55409
> haproxy 1469717 root 51u IPv4 14209875 0t0 UDP *:46192
> haproxy 1469717 root 52u IPv4 14229139 0t0 UDP *:36370
> haproxy 1469717 root 53u IPv4 14209916 0t0 UDP *:50898
> haproxy 1469717 root 55u IPv4 14242839 0t0 UDP *:45456
> haproxy 1469717 root 56u IPv4 14242890 0t0 UDP *:37717
> haproxy 1469717 root 57u IPv4 14240387 0t0 UDP *:45547
> haproxy 1469717 root 58u IPv4 14240302 0t0 UDP *:33960
> haproxy 1469717 root 60u IPv4 14240885 0t0 UDP *:42145
>
> These extra ports are not exposed to the world. The external firewalls
> are locked down pretty well. And the hosts also have firewalls (ufw)
> that are similarly restricted.
>
> What are these ports for? They are not in the haproxy config files. I
> did try searching for an explanation, and didn't find anything.
>
> Thanks,
> Shawn
>
>
>
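
An added example, not part of either message above: a shell filter that takes `lsof -Pn -i` output and lists the haproxy UDP sockets that do not match the configured binds, with a per-PID count to compare against the CPU count mentioned in the reply. The function names and the `proto:port` argument format are assumptions of this example, and the sample lines are constructed in the shape of the output quoted in the thread.

```shell
#!/usr/bin/env bash
# Constructed sample in the column layout of `lsof -Pn -i`:
# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sample_lsof() {
cat <<'EOF'
haproxy 1928967 root 6u IPv4 2585012 0t0 UDP *:443
haproxy 1928967 root 7u IPv4 2585013 0t0 TCP *:80 (LISTEN)
haproxy 1928967 root 8u IPv4 2585014 0t0 TCP *:443 (LISTEN)
haproxy 1928967 root 16u IPv4 2587974 0t0 UDP *:57183
haproxy 1928967 root 17u IPv4 2585855 0t0 UDP *:60746
sshd 812 root 3u IPv4 20111 0t0 TCP *:22 (LISTEN)
EOF
}

# unexplained_udp "udp:443 ..." < lsof-output
# The argument is a space-separated list of the UDP binds you expect from the
# haproxy configuration. Prints "PID FD PORT" for every other haproxy UDP socket.
unexplained_udp() {
  awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    $1 == "haproxy" && $8 == "UDP" {
      port = $9
      sub(/.*:/, "", port)            # keep only the port after the last colon
      if (!(("udp:" port) in ok)) print $2, $4, port
    }'
}

# Number of unexplained UDP sockets per haproxy PID, for comparison with the
# number of CPUs on the host (the reply observed about one socket per CPU).
unexplained_count() {
  unexplained_udp "$1" | awk '{ c[$1]++ } END { for (p in c) print p, c[p] }'
}

# On a live host: sudo lsof -Pn -i | unexplained_udp "udp:443"
sample_lsof | unexplained_udp "udp:443"
sample_lsof | unexplained_count "udp:443"
```

Any port this reports can then be checked the way the reply describes, by running tcpdump on it and looking at the destination of the traffic.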