Re: [users@httpd] httpd 2.4.12 ignoring net.ipv4.ip_local_port_range
Of course you are right. I considered the client would be the issue and do not now remember why I discounted it. Thank you.

On 14 April 2015 at 17:00, Eric Covener wrote:
> On Tue, Apr 14, 2015 at 6:49 AM, Mike Peachey wrote:
> > This client is getting responses from httpd on ports 63156+
>
> The server side of the connection uses a well-known listening port,
> 443. Clients use those high ephemeral ports. I don't think tuning an
> ephemeral port range on the server does anything unless you use
> mod_proxy for outbound connections.
>
> --
> Eric Covener
> cove...@gmail.com
>
> -
> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> For additional commands, e-mail: users-h...@httpd.apache.org

--
Mike Peachey
mike.peac...@port.im
[users@httpd] httpd 2.4.12 ignoring net.ipv4.ip_local_port_range
Hi all,

Will try to be concise:

OS: Amazon Linux 2015.03 x86_64
Precise package: httpd24-2.4.12-1.60.amzn1.x86_64

Apache httpd 2.4 in use as SSL proxy.

$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768	61000

One remote client was unable to connect. Amazon subnet ACL in place permitting response communication with the ephemeral port range 32768-61000 as defined in /proc/sys/net/ipv4/ip_local_port_range and confirmed as above by sysctl.

Client successfully connected after enlarging subnet ACL to permit responses on 1025-65536.

Once client connected (), the following shows in netstat:

tcp        0      0 ::::443      ::::63158    TIME_WAIT   -
tcp        0      0 ::::443      ::::63156    TIME_WAIT   -
tcp        0      0 ::::443      ::::63157    TIME_WAIT   -
tcp        0      0 ::::443      ::::42875    TIME_WAIT   -
tcp        0      0 ::::443      ::::63159    TIME_WAIT   -

This client is getting responses from httpd on ports 63156+

As far as I understand it this should not be permitted as the maximum local port is set to 61000.

Bug? Feature?

Thanks in advance.

--
Mike Peachey
mike.peac...@port.im
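The point Eric makes in the reply above (the server's net.ipv4.ip_local_port_range only constrains source ports the server itself picks, i.e. outbound mod_proxy connections, while inbound clients pick their own ephemeral ports) can be checked mechanically against netstat output. The script below is an added example, not code from this thread or from the httpd project: it parses the sysctl line and the netstat lines quoted in the original post (addresses were already elided there), assumes httpd Listens only on 443, and adds one constructed ESTABLISHED line to show what an outbound proxy connection would look like. Only locally chosen source ports are compared against the sysctl range; client-side ports above 61000 are reported but are not violations.

```python
"""
Audit which side of each TCP connection uses an ephemeral port, and whether the
server's ip_local_port_range is actually relevant to it.

Added example; not code from the mailing-list thread. The five TIME_WAIT
netstat lines are those quoted in the original post; the ESTABLISHED line and
the listening-port set are constructed assumptions.
"""
from dataclasses import dataclass

# Sample `sysctl net.ipv4.ip_local_port_range` output, as shown in the post.
SYSCTL_OUTPUT = "net.ipv4.ip_local_port_range = 32768\t61000"

# netstat lines from the post (server listening on 443) plus one constructed
# line for an outbound mod_proxy connection to a hypothetical backend on 8080.
NETSTAT_OUTPUT = """\
tcp        0      0 ::::443      ::::63158    TIME_WAIT   -
tcp        0      0 ::::443      ::::63156    TIME_WAIT   -
tcp        0      0 ::::443      ::::63157    TIME_WAIT   -
tcp        0      0 ::::443      ::::42875    TIME_WAIT   -
tcp        0      0 ::::443      ::::63159    TIME_WAIT   -
tcp        0      0 ::::45210    ::::8080     ESTABLISHED -
"""

# Assumption: httpd Listens only on 443 (the post mentions no other port).
LISTENING_PORTS = {443}


def parse_port_range(sysctl_line: str) -> tuple[int, int]:
    """Return (low, high) from a `sysctl net.ipv4.ip_local_port_range` line."""
    _, _, value = sysctl_line.partition("=")
    low, high = (int(x) for x in value.split())
    if not (0 < low <= high <= 65535):
        raise ValueError(f"implausible port range {low}-{high}")
    return low, high


@dataclass(frozen=True)
class Conn:
    local_port: int
    remote_port: int
    state: str


def parse_netstat(text: str) -> list[Conn]:
    """Parse tcp lines from `netstat -an`; the port is whatever follows the last ':'."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        conns.append(Conn(int(local.rsplit(":", 1)[1]),
                          int(remote.rsplit(":", 1)[1]), state))
    return conns


def ephemeral_side(conn: Conn, listening: set[int]) -> str:
    """'remote' when we are the server (local port is a Listen port), else 'local'."""
    return "remote" if conn.local_port in listening else "local"


def audit(sysctl_line: str, netstat_text: str, listening: set[int]) -> dict:
    """Split connections by who chose the ephemeral port and flag real range violations."""
    low, high = parse_port_range(sysctl_line)
    out = {"range": (low, high), "inbound_client_ports": [],
           "outbound_local_ports": [], "violations": []}
    for c in parse_netstat(netstat_text):
        if ephemeral_side(c, listening) == "remote":
            # The client chose this port from *its* own ephemeral range; the
            # server's sysctl says nothing about it, so it cannot be a violation.
            out["inbound_client_ports"].append(c.remote_port)
        else:
            # Only source ports the server itself picks are bound by its range.
            out["outbound_local_ports"].append(c.local_port)
            if not (low <= c.local_port <= high):
                out["violations"].append(c)
    return out


if __name__ == "__main__":
    result = audit(SYSCTL_OUTPUT, NETSTAT_OUTPUT, LISTENING_PORTS)
    print(f"server ephemeral range: {result['range']}")
    print(f"client-chosen ports (inbound): {sorted(result['inbound_client_ports'])}")
    print(f"server-chosen ports (outbound): {result['outbound_local_ports']}")
    print(f"violations of the server's range: {result['violations']}")
```

For the quoted netstat lines the audit reports client ports 42875 and 63156 through 63159 as inbound, none of them a violation, which is why a stateless subnet ACL for replies to inbound clients has to cover the whole high range rather than the server's 32768-61000. Only the constructed outbound line has a locally chosen port, and that one is the only port the sysctl actually governs.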