Hi,
It appears that this is not possible under Tru64 Unix. Two people pointed
me to inet:ipport_userreserved_min in sysconfigtab as described in "man
sys_attrs_inet" but this parameter refers to the port number range
assigned to outgoing connections. What I wanted to limit was the port
number assigned to an application for a "bind" system call for subsequent
listening (as required for the PASV mode), if the application does not
specify a port by itself.
So I might end up modifying the FTP server to achieve what I want.
Actually WU-FTPD can be configured to listen for data-connections on a
specific port number range already. However I'm using proftpd (which I
find easier and more flexible to configure) and I think I'll just modify
proftpd for that purpose. If anyone is interested in a modified proftpd
version, drop me a line.
Thanks to:
John P Speno <speno_at_isc.upenn.edu>
Oisin McGuinness <oisin_at_sbcm.com>
for their answers to my posting and here's my original posting:
-----------------------------------------------------
I'm currently configuring a firwall for our working group and I'm facing
one problem. Our FTP server is running Tru64 4.0E and for allowing PASV
FTP mode (which many Web browsers use) I need to open up a range of high
port numbers over 1024 in the firewall which the FTP server dynamically
uses. The problem is, though, that there are certain daemons like nfsd or
others which also use ports greater than 1024.
Under Solaris it is possible to dynamically set a minimum port number for
applications to be used. This helps in situations like these. You just
start all system processes, set the min. port number to say 10000 and
then start the FTP server which subsequently only uses PASV ports >=
10000. Now the firewall can be configure with this limit as well.
Question: Is there anything like a minimum port number for applications
under Tru64 as well?
Thanks // Tom
--
--------------------------------------------------------------------------
Dr. Tom Leitner Dept. of Communications
Graz University of Technology,
e-mail : tom_at_radar.tu-graz.ac.at Inffeldgasse 12
Phone : +43-316-873-7455 A-8010 Graz / Austria / Europe
Fax : +43-316-463-697
Home page : http://wiis.tu-graz.ac.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send
mail with subject "get Thomas Leitner" to pgp-public-keys_at_keys.pgp.net
--------------------------------------------------------------------------
Before we have the paperless office, we have the paperless toilet!
Received on Fri Jan 12 2001 - 08:39:27 NZDT