Reserving set of local ports from ephemeral port range

Latest response

Environment:
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7

Issue:
How to reserve set of ports for a third-party application? Which those ports already under ephemeral port range.

Example:
cat /proc/sys/net/ipv4/ip_local_reserved_ports
30000-31000
cat /proc/sys/net/ipv4/ip_local_port_range
3999 60999

The Question here is:
Since we have to utilize/hold the ports from 30000 to 31000 for our application & need to use rest of the ephemeral ports for other open connectivity.
In my example, I have mentioned ephemeral range from 3999 to 60999, so reserve_ports will secure the highlighted/mentioned ports from ephemeral?

Please let me know if this works without any issue in the production?

Responses

Not tested like that. However, we usually keep local port range away from reserved ports to avoid any conflicts.

Thanks Sadashiva for taking a look on this.

Yes, that's right.

cat /proc/sys/net/ipv4/ip_local_reserved_ports
30000-31000
cat /proc/sys/net/ipv4/ip_local_port_range
3999 60999

Local ports will start 3999 and go up to 29999.

30000 to 31000 will not be used.

Local ports will start again at 31001 and finish at 60999.

Thanks Jamie for the confirmation. I will use the in my environment and let you guys know if there are any issues.

This configuraiton does not seems to work, please refer to article https://access.redhat.com/solutions/26875 where it says

You can reserve ports which are not in the current ip_local_port_range, e.g.:

    $ cat /proc/sys/net/ipv4/ip_local_port_range
    32000   61000
    $ cat /proc/sys/net/ipv4/ip_local_reserved_ports
    8080,9148"