set port range for nginx

Maxim Dounin mdounin at
Fri Feb 8 10:05:05 UTC 2013


On Fri, Feb 08, 2013 at 11:20:35AM +0800, Fufeng Yao wrote:

> Hi, all
> I've got an nginx server in an internal network, and the server will
> forward request to outer net using proxy_pass,
> it seems like:
> proxy_pass http://[public ip]:[port]
> Unfortunately, the firewall block most of the port, so the proxy_pass
> failed.
> I have two questions:
> How the proxy_pass use port to forward the request? pick a random port?

Outoing port (as well as IP address, unless proxy_bind is used) is 
selected by your OS.  Use your system configuration options to 
tune port range used.

E.g. on FreeBSD it can be done with net.inet.ip.portrange.first 
and net.inet.ip.portrange.last sysctl's.  On Linux it's tuned with 
net.ipv4.ip_local_port_range sysctl or 

> Would that be possible to set a port range (10000~20000 e.g) for proxy_pass
> to use?

In theory, nginx can use bind() syscall to select some particular 
port, but only one of them, and this doesn't make sense with 
proxy_pass - as this will not allow more than one connection to 
the same destination address.  That is, tuning the OS as suggested 
above is the only way to go.

Maxim Dounin

More information about the nginx mailing list