
Use of dynamic ports

 
Ken Englander
Regular Advisor

Use of dynamic ports

We are working on validating Oracle 11g R2 and have found that Oracle recommends changing the range of dynamic ports for TCP and UDP. We are also validating Serviceguard 11.20. I noticed the following statement in the Release Notes on page 50.

Does anyone know what the documentation means when it states "alter your rules accordingly"? I am concerned there will be a conflict between Serviceguard and Oracle.

Serviceguard also uses dynamic ports (typically in the range of 49152 - 65535) for some cluster services. If you have adjusted the dynamic port range using kernel tunable parameters, alter your rules accordingly.
5 REPLIES
Patrick Wallek
Honored Contributor

Re: Use of dynamic ports

>>"alter your rules accordingly"?

I think it is saying that if your dynamic port range in the kernel does not include the range given, then alter your rules to include that range of ports.

Shibin_2
Honored Contributor

Re: Use of dynamic ports

I think it is a general thought for you, if you are using additional security software such as IPFilter or Bastille.

Using IPFilter, you can block / unblock ports. If you are using IPFilter in an SG environment, you should be aware that SG uses this range of dynamic ports, if you face any trouble.

The following thread is a similar discussion in an environment of Bastille with SG.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=977854

Another document on IPFilter.

http://docs.hp.com/en/B9901-90029/ch09s01.html
Regards
Shibin
Stephen Doud
Honored Contributor

Re: Use of dynamic ports

Hi Ken,

The phrase "If you have adjusted the dynamic port range using kernel tunable parameters, alter your rules accordingly." advises the administrator to ensure the kernel makes provision for this range of ports (49152 - 65535).
Ken Englander
Regular Advisor

Re: Use of dynamic ports

Patrick - My difficulty is that I do not know what is meant by the reference to "rules". The links included by Shibin helped in giving me a clue - see below.

Shibin - I think you sent me some good links, in particular defining "rules" as something used with Bastille. So, I think maybe that is what the statement means.

Stephen - I appreciate your answer, but I do not understand what you mean. I did find via one of the other links provided that "rules" are something used by Bastille. So, I think perhaps the document means that these rules need to be adjusted accordingly if Bastille is being used.

Do you think that might be the case or is there something else you are suggesting in your response?
Stephen Doud
Honored Contributor

Re: Use of dynamic ports

The Release Notes are global in nature, so they intend the reader to understand that whatever modifications are made to the kernel with regard to network ports and ranges, ports 49152-65535 and/or this range of ports must be available to Serviceguard. IP filtering such as Bastille and other applications such as Oracle must allow Serviceguard to reserve and use this range of network ports.
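
A coarse pre-check for the situation discussed in this thread, as an added example that is not part of any reply or of HP's documentation: given the dynamic port range the kernel is configured for and a set of IPFilter-style rules, it lists the ports in that range that no inbound pass rule covers. The rule text and the adjusted range 9000-65500 are constructed samples; only `port = N` and `port A >< B` clauses are parsed, and block rules and rule ordering are not modelled.

```python
import re

# Destination-port clause: "port = N" or "port A >< B" (strictly between A and B).
PORT_RE = re.compile(r"\bport\s+(?:=\s*(\d+)|(\d+)\s*><\s*(\d+))")

# Constructed sample rules, not taken from a real system.
SAMPLE_RULES = """
pass in quick proto tcp from any to any port = 22 keep state
pass in quick proto tcp from any to any port 49151 >< 65536 keep state
pass in quick proto udp from any to any port 49151 >< 65536 keep state
block in all
"""

def allowed_ranges(rules, proto):
    """Inclusive (lo, hi) destination-port ranges passed inbound for proto."""
    ranges = []
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        tokens = line.split()
        if tokens[:2] != ["pass", "in"]:
            continue
        if "proto" in tokens[:-1]:
            if tokens[tokens.index("proto") + 1] not in (proto, "tcp/udp"):
                continue
        m = PORT_RE.search(line.split(" to ", 1)[-1])
        if m is None:
            ranges.append((0, 65535))          # no port clause: every port
        elif m.group(1):
            ranges.append((int(m.group(1)), int(m.group(1))))
        else:
            ranges.append((int(m.group(2)) + 1, int(m.group(3)) - 1))
    return ranges

def uncovered(lo, hi, ranges):
    """Inclusive sub-ranges of lo..hi that none of the given ranges covers."""
    gaps, cursor = [], lo
    for a, b in sorted(ranges):
        if b < cursor or cursor > hi:
            continue
        if a > cursor:
            gaps.append((cursor, min(a - 1, hi)))
        cursor = b + 1
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

if __name__ == "__main__":
    # Constructed ranges: the documented default and an adjusted kernel range.
    for name, (lo, hi) in {"default": (49152, 65535), "adjusted": (9000, 65500)}.items():
        print(name, uncovered(lo, hi, allowed_ranges(SAMPLE_RULES, "tcp")))
```

With the sample rules, the default range is fully covered, while the adjusted range leaves 9000-49151 without a pass rule, which is the case where the rules would need altering.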