Thread: Source ports for psql
hello! I am trying to access a postgresql server though a tightly configured firewall, and I'd like to know the source port range is that postgresql clients use to access the database. it seems the source port starts at the 50000 range. Is there an upper limit or does it randomly pick any non-privileged port? I have searched the lists and google but I could not find anything that lists the source port range for postgresql clients. Any help would be great. Thanks, Matthew Smith
Matthew Smith <mps@utas.edu.au> writes:
> I am trying to access a postgresql server though a tightly configured
> firewall, and I'd like to know the source port range is that postgresql
> clients use to access the database.
You seem to be under the misimpression that Postgres might have
something to do with that. We don't --- this is entirely determined
by the whims of your local kernel. I would even go so far as to say
that if you write code that makes any assumption in this regard,
you will have only yourself to blame when (not if) it fails.
regards, tom lane
Hello Tom, Thanks for the reply. So in other words, the postgres clients do not use a specific range for the source port (as a specific decision by the developers, or as written down in a given spec), but rather relies on the operating system's socket implementation to assign a source port? So in practice the source port can be any non-privileged port (from postgreses point of view)? I only ask this clarification to be sure to pass on the correct info on to the administrator of the firewall... Thanks, Matt Smith On Mon, 6 Feb 2006 04:25 pm, Tom Lane wrote: > Matthew Smith <mps@utas.edu.au> writes: > > I am trying to access a postgresql server though a tightly configured > > firewall, and I'd like to know the source port range is that postgresql > > clients use to access the database. > > You seem to be under the misimpression that Postgres might have > something to do with that. We don't --- this is entirely determined > by the whims of your local kernel. I would even go so far as to say > that if you write code that makes any assumption in this regard, > you will have only yourself to blame when (not if) it fails. > > regards, tom lane
On Mon, Feb 06, 2006 at 04:35:33PM +1100, Matthew Smith wrote: > Hello Tom, > > Thanks for the reply. So in other words, the postgres clients do not use a > specific range for the source port (as a specific decision by the developers, > or as written down in a given spec), but rather relies on the operating > system's socket implementation to assign a source port? > > So in practice the source port can be any non-privileged port (from postgreses > point of view)? Any port at all. In Linux at least you can specify the range for port selections made by the kernel, on my current machine it appears to be 1024 to 4999. PostgreSQL doesn't particularly care. Most programs don't select a port for outgoing. > I only ask this clarification to be sure to pass on the correct info on to the > administrator of the firewall... The suggested config for working though a firewall is to setup an ssh tunnel and work through that. Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a > tool for doing 5% of the work and then sitting around waiting for someone > else to do the other 95% so you can sue them.