Name

CKGB-573 — Proxy probably uses reserved port and will not operate

Severity

W (warning)

Message text

ACL %s uses reserved data port %d under unprivileged user %s

Description

Historically, FTP servers used source port number 20 for data connections. This practice is now often replaced by the use of generic ports. The ftp-proxy referenced in the message is also configured to use a fixed port, one that belongs to a block of ports that is by default reserved for the root user only. However, the proxy is configured to run under an unprivileged user and, as such, it will not be able to use the reserved port.

This log message is only a warning because your system may be configured not to use the standard block of reserved ports, in which case your proxy could be configured properly.

If the proxy does not operate, there are several ways to configure it properly:

  • First, check whether your proxy really needs to use the selected port. Often the configuration should be changed, e.g. to use another, unprivileged port.

  • If you really need to use this port, you can change the extent of the reserved port range by setting the sysctl variables net.inet.ip.portrange.reservedlow or net.inet.ip.portrange.reservedhigh. They can be set by means of the SYSCTL.VARIABLE configuration items.

  • The last possibility is to change the user under which the proxy is running. This may be a risky choice.
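
The following script is an added example, not part of Kernun: it parses the CKGB-573 message text and checks the reported port against the reserved range to tell whether the warning is actionable. The ACL name FTP-OUT and user kernun in the sample are constructed, the sample line holds only the message text, and the fallback values 0 and 1023 are the FreeBSD defaults for the two sysctl variables.

```shell
#!/bin/sh
# Added example: triage a CKGB-573 warning against the reserved port range.

# Current range from the kernel; fall back to the FreeBSD defaults
# (0 and 1023) when the sysctl variable cannot be read.
reserved_low()  { sysctl -n net.inet.ip.portrange.reservedlow  2>/dev/null || echo 0; }
reserved_high() { sysctl -n net.inet.ip.portrange.reservedhigh 2>/dev/null || echo 1023; }

# port_is_reserved PORT LOW HIGH
# Succeeds when PORT lies in the inclusive range [LOW, HIGH], i.e. when an
# unprivileged process is not allowed to bind it.
port_is_reserved() {
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# triage MESSAGE LOW HIGH
# Prints "blocked ..." if the proxy cannot bind the port with this range,
# "ok ..." if the range no longer covers the port, and "skip" for lines
# that do not match the CKGB-573 message template.
triage() {
    msg=$1 low=$2 high=$3
    # Template: ACL %s uses reserved data port %d under unprivileged user %s
    parsed=$(printf '%s\n' "$msg" | sed -n \
        's/^.*ACL \([^ ]*\) uses reserved data port \([0-9][0-9]*\) under unprivileged user \([^ ]*\).*$/\1 \2 \3/p')
    if [ -z "$parsed" ]; then
        echo "skip"
        return 0
    fi
    set -- $parsed            # split into ACL, port, user
    acl=$1 port=$2 user=$3
    if port_is_reserved "$port" "$low" "$high"; then
        echo "blocked acl=$acl port=$port user=$user"
    else
        echo "ok acl=$acl port=$port user=$user"
    fi
}

# Constructed sample message; ACL and user names are hypothetical.
SAMPLE='ACL FTP-OUT uses reserved data port 20 under unprivileged user kernun'

# Verdict with the range currently in effect on this host.
triage "$SAMPLE" "$(reserved_low)" "$(reserved_high)"
# Verdict if reservedlow were raised to 21, leaving port 20 unreserved.
triage "$SAMPLE" 21 "$(reserved_high)"
```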

See also

logging(7)

Authors

This man page is a part of Kernun Firewall.
Copyright © 2000–2023 Trusted Network Solutions, a. s.
All rights reserved.