set port range for nginx

Constantine A. Murenin mureninc at
Fri Feb 8 17:39:13 UTC 2013

On 8 February 2013 02:05, Maxim Dounin <mdounin at> wrote:
> Hello!
> On Fri, Feb 08, 2013 at 11:20:35AM +0800, Fufeng Yao wrote:
>> Hi, all
>> I've got an nginx server in an internal network, and the server will
>> forward requests to the outer net using proxy_pass,
>> it seems like:
>> proxy_pass http://[public ip]:[port]
>> Unfortunately, the firewall blocks most of the ports, so the proxy_pass
>> failed.
>> I have two questions:
>> How does proxy_pass use a port to forward the request? Pick a random port?
> Outgoing port (as well as IP address, unless proxy_bind is used) is
> selected by your OS.  Use your system configuration options to
> tune port range used.
> E.g. on FreeBSD it can be done with net.inet.ip.portrange.first
> and net.inet.ip.portrange.last sysctls.  On Linux it's tuned with
> net.ipv4.ip_local_port_range sysctl or
> /proc/sys/net/ipv4/ip_local_port_range.
>> Would it be possible to set a port range (10000~20000 e.g) for proxy_pass
>> to use?
> In theory, nginx can use bind() syscall to select some particular
> port, but only one of them, and this doesn't make sense with
> proxy_pass - as this will not allow more than one connection to
> the same destination address.  That is, tuning the OS as suggested
> above is the only way to go.

Or, alternatively, a local firewall with port translation can be used
to ensure that all outgoing ports that are used would be the ones that
would pass the upstream firewall.

See for some details, which has
a couple of examples of port redirection/translation within the
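
The Linux side of the sysctl advice quoted above, as an added example that is not part of the original thread: it checks an ip_local_port_range value against the window the upstream firewall permits and prints the sysctl command that would align it. The 10000-20000 window is the one from the question; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Linux only (net.ipv4.ip_local_port_range).
# Window the upstream firewall lets through; 10000-20000 is the range asked about.
ALLOWED_FIRST=10000
ALLOWED_LAST=20000

# parse_range "<first> <last>": sets FIRST and LAST, fails on malformed input.
parse_range() {
    set -- $1                                   # split on spaces or tabs
    [ "$#" -eq 2 ] || return 1
    case "$1$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le "$2" ] || return 1
    FIRST=$1 LAST=$2
}

# range_fits "<first> <last>": succeeds when every port lies inside the window.
range_fits() {
    parse_range "$1" || return 2
    [ "$FIRST" -ge "$ALLOWED_FIRST" ] && [ "$LAST" -le "$ALLOWED_LAST" ]
}

# port_capacity "<first> <last>": number of source ports in the range. From one
# source IP this caps concurrent connections to a single upstream ip:port,
# and sockets in TIME_WAIT count against it too.
port_capacity() {
    parse_range "$1" || return 2
    echo $((LAST - FIRST + 1))
}

# sysctl_fix: command that sets the range to the permitted window (run as root).
sysctl_fix() {
    echo "sysctl -w net.ipv4.ip_local_port_range=\"$ALLOWED_FIRST $ALLOWED_LAST\""
}

audit() {
    if range_fits "$1"; then
        echo "OK: '$1' is inside $ALLOWED_FIRST-$ALLOWED_LAST"
    else
        echo "MISMATCH: '$1' is not inside $ALLOWED_FIRST-$ALLOWED_LAST; apply:"
        echo "  $(sysctl_fix)"
    fi
    echo "Per-destination connection cap after fix:" \
         "$(port_capacity "$ALLOWED_FIRST $ALLOWED_LAST")"
}

# Audit the live value when available, else a constructed sample value.
PROC=/proc/sys/net/ipv4/ip_local_port_range
if [ -r "$PROC" ]; then audit "$(cat "$PROC")"; else audit "32768 60999"; fi
```

A value set with sysctl -w is lost at reboot; to keep it, add the same net.ipv4.ip_local_port_range line to /etc/sysctl.conf.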

