From 697061e2b4c2944f2ff9685f4cee4bee7290fc78 Mon Sep 17 00:00:00 2001 From: mtm Date: Sat, 6 Nov 2004 13:24:53 +0000 Subject: Sync description of IP portrange sysctls with reality. MFC after: 2 weeks --- share/man/man7/tuning.7 | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) (limited to 'share/man/man7') diff --git a/share/man/man7/tuning.7 b/share/man/man7/tuning.7 index 9c3f625..a4e58ba 100644 --- a/share/man/man7/tuning.7 +++ b/share/man/man7/tuning.7 @@ -637,29 +637,28 @@ network programs use the default range which is controlled by .Va net.inet.ip.portrange.first and .Va net.inet.ip.portrange.last , -which default to 1024 and 5000, respectively. +which default to 49152 and 65535, respectively. Bound port ranges are used for outgoing connections, and it is possible to run the system out of ports under certain circumstances. This most commonly occurs when you are running a heavily loaded web proxy. The port range is not an issue -when running servers which handle mainly incoming connections, such as a +when running a server which handles mainly incoming connections, such as a normal web server, or has a limited number of outgoing connections, such as a mail relay. -For situations where you may run yourself out of -ports, we recommend increasing -.Va net.inet.ip.portrange.last +For situations where you may run out of ports, +we recommend decreasing +.Va net.inet.ip.portrange.first modestly. -A value of 10000 or 20000 or 30000 may be reasonable. +A range of 10000 to 30000 ports may be reasonable. You should also consider firewall effects when changing the port range. Some firewalls may block large ranges of ports (usually low-numbered ports) and expect systems to use higher ranges of ports for outgoing connections. -For this reason, -we do not recommend that -.Va net.inet.ip.portrange.first -be lowered. +By default +.Va net.inet.ip.portrange.last +is set at the maximum allowable port number. .Pp The .Va kern.ipc.somaxconn -- cgit v1.1
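Review bot: The added line "A range of 10000 to 30000 ports may be reasonable." is ambiguous and does not fit the defaults stated at the top of this hunk. With net.inet.ip.portrange.first at 49152 and net.inet.ip.portrange.last at 65535, the default range already spans 16384 ports, so decreasing first cannot produce a 10000-port range. A reader may also take 10000 and 30000 as port numbers rather than a count, as they were in the old wording. Suggest giving the advice as example values of net.inet.ip.portrange.first, or as a port count that starts above the default size. Separately, the firewall paragraph loses its conclusion: the removed "we do not recommend that net.inet.ip.portrange.first be lowered" was the consequence of the firewall caveat, and the replacement sentence about net.inet.ip.portrange.last being at the maximum does not say how far first can be lowered before outgoing connections use ports that a firewall may block. A sentence tying the recommendation to the firewall caveat would close that gap.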