Hi all,

Will try to be concise:

OS: Amazon Linux 2015.03 x86_64
Precise package: httpd24-2.4.12-1.60.amzn1.x86_64
Apache httpd 2.4 in use as SSL proxy.

    $ sysctl net.ipv4.ip_local_port_range
    net.ipv4.ip_local_port_range = 32768 61000

One remote client was unable to connect. Amazon subnet ACL in place permitting response communication with the ephemeral port range 32768-61000 as defined in /proc/sys/net/ipv4/ip_local_port_range and confirmed as above by sysctl.

Client successfully connected after enlarging subnet ACL to permit responses on 1025-65536.

Once the client connected (<remote ipv4 addr 1>), the following showed in netstat:

    tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63158 TIME_WAIT -
    tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63156 TIME_WAIT -
    tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63157 TIME_WAIT -
    tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 2>:42875 TIME_WAIT -
    tcp 0 0 ::ffff:<local ipv4 addr>:443 ::ffff:<remote ipv4 addr 1>:63159 TIME_WAIT -

This client is getting responses from httpd on ports 63156+. As far as I understand it, this should not be permitted as the maximum local port is set to 61000.

Bug? Feature?

Thanks in advance.

--
Mike Peachey
mike.peac...@port.im
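An added diagnostic (not from the post or from httpd) that separates the two port ranges involved here: net.ipv4.ip_local_port_range governs only the source ports this kernel picks for its own outbound connections, while the high-numbered ports in the netstat output are the remote peer's source ports, chosen by the peer's OS, so a subnet ACL for inbound service responses has to cover the peers' ephemeral range rather than the local one. The netstat sample, the RFC 5737 documentation addresses and the listener set {443} are constructed assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample modelled on the post's netstat output; RFC 5737
# documentation addresses stand in for the redacted ones, and the last
# line is an invented outbound connection made by the proxy itself.
NETSTAT_SAMPLE = """\
tcp 0 0 ::ffff:192.0.2.10:443 ::ffff:198.51.100.7:63158 TIME_WAIT -
tcp 0 0 ::ffff:192.0.2.10:443 ::ffff:198.51.100.7:63156 TIME_WAIT -
tcp 0 0 ::ffff:192.0.2.10:443 ::ffff:203.0.113.9:42875 TIME_WAIT -
tcp 0 0 ::ffff:192.0.2.10:51234 ::ffff:203.0.113.44:443 ESTABLISHED -
"""
LOCAL_PORT_RANGE = (32768, 61000)  # net.ipv4.ip_local_port_range from the post
LISTEN_PORTS = {443}               # the proxy's own listener(s); assumed

class Conn(NamedTuple):
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    state: str

# "Proto Recv-Q Send-Q Local Address Foreign Address State"; each endpoint ends in :port
_LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)")

def parse_netstat(text: str) -> list[Conn]:
    """Parse `netstat -tn`-style lines into Conn tuples; non-matching lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            conns.append(Conn(m[1], int(m[2]), m[3], int(m[4]), m[5]))
    return conns

def audit(conns, local_range=LOCAL_PORT_RANGE, listen_ports=LISTEN_PORTS):
    """Report which ports are outside the local ephemeral range, split by direction.

    Inbound: local port is a listener, so the *peer's* port is the peer's choice
    and is expected to fall outside our range. Outbound: our kernel chose the
    local port, so it must lie inside local_range.
    """
    lo, hi = local_range
    outside = lambda p: not lo <= p <= hi
    inbound = [c for c in conns if c.local_port in listen_ports]
    outbound = [c for c in conns if c.local_port not in listen_ports]
    peer_ports = [c.remote_port for c in inbound]
    return {
        "inbound_peer_ports_outside_local_range": [p for p in peer_ports if outside(p)],
        "outbound_local_ports_outside_local_range": [c.local_port for c in outbound if outside(c.local_port)],
        # span an ACL for service responses would need to cover for the peers seen so far
        "inbound_peer_port_span": (min(peer_ports), max(peer_ports)) if peer_ports else None,
    }

if __name__ == "__main__":
    for key, value in audit(parse_netstat(NETSTAT_SAMPLE)).items():
        print(f"{key}: {value}")
```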