Source ports for psql
hello!
I am trying to access a postgresql server though a tightly configured
firewall, and I'd like to know the source port range is that postgresql
clients use to access the database.
it seems the source port starts at the 50000 range. Is there an upper limit or
does it randomly pick any non-privileged port?
I have searched the lists and google but I could not find anything that lists
the source port range for postgresql clients.
Any help would be great.
Thanks,
Matthew Smith
Matthew Smith <mps@utas.edu.au> writes:
I am trying to access a postgresql server though a tightly configured
firewall, and I'd like to know the source port range is that postgresql
clients use to access the database.
You seem to be under the misimpression that Postgres might have
something to do with that. We don't --- this is entirely determined
by the whims of your local kernel. I would even go so far as to say
that if you write code that makes any assumption in this regard,
you will have only yourself to blame when (not if) it fails.
regards, tom lane
Hello Tom,
Thanks for the reply. So in other words, the postgres clients do not use a
specific range for the source port (as a specific decision by the developers,
or as written down in a given spec), but rather relies on the operating
system's socket implementation to assign a source port?
So in practice the source port can be any non-privileged port (from postgreses
point of view)?
I only ask this clarification to be sure to pass on the correct info on to the
administrator of the firewall...
Thanks,
Matt Smith
Show quoted text
On Mon, 6 Feb 2006 04:25 pm, Tom Lane wrote:
Matthew Smith <mps@utas.edu.au> writes:
I am trying to access a postgresql server though a tightly configured
firewall, and I'd like to know the source port range is that postgresql
clients use to access the database.You seem to be under the misimpression that Postgres might have
something to do with that. We don't --- this is entirely determined
by the whims of your local kernel. I would even go so far as to say
that if you write code that makes any assumption in this regard,
you will have only yourself to blame when (not if) it fails.regards, tom lane
On Mon, Feb 06, 2006 at 04:35:33PM +1100, Matthew Smith wrote:
Hello Tom,
Thanks for the reply. So in other words, the postgres clients do not use a
specific range for the source port (as a specific decision by the developers,
or as written down in a given spec), but rather relies on the operating
system's socket implementation to assign a source port?So in practice the source port can be any non-privileged port (from postgreses
point of view)?
Any port at all. In Linux at least you can specify the range for port
selections made by the kernel, on my current machine it appears to be
1024 to 4999. PostgreSQL doesn't particularly care. Most programs don't
select a port for outgoing.
I only ask this clarification to be sure to pass on the correct info on to the
administrator of the firewall...
The suggested config for working though a firewall is to setup an ssh
tunnel and work through that.
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
Show quoted text
Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
tool for doing 5% of the work and then sitting around waiting for someone
else to do the other 95% so you can sue them.