4

I created a TCP connection between a client and a server using Node.js (net module). The server is listening on a predefined port and the client is connecting to that port.

As far as I understand, the port for the client is dynamically assigned by node? Is that correct?

  1. What kind of algorithm does node use to assign a "random" port for the client? How does this work: is it determined by node or by the OS?
  2. Is it possible to define a static port for the client to use? Is it possible to define a range of ports for the client to use?

NOTE: I think I found a discussion/question on a similar subject on Stack Overflow before, but I cannot find it anymore. I would appreciate it if you could share any reliable resources regarding this subject.

cool

2 Answers

2

The source port number is usually pretty much irrelevant to your programming unless you have a router or firewall that is somehow restrictive in that regard. It is merely used by the underlying TCP infrastructure to keep track of different TCP connections.

From this article:

> A TCP/IP connection is identified by a four element tuple: {source IP, source port, destination IP, destination port}. To establish a TCP/IP connection only a destination IP and port number are needed, the operating system automatically selects source IP and port.

The above referenced article describes how Linux selects the source port number.

As to your particular questions:

> What kind of algorithm does node use to assign a "random" port for the client? How does this work: is it determined by node or by the OS?

It is determined by the OS. That source port number is selected by the originating host at the TCP level before the connection is even made to node.js.

Some other reference articles:

Does the TCP source port have to be unique per host?

how can an application use port 80/HTTP without conflicting with browsers?


Note: there is no security reason I'm aware of for a firewall to limit the source port number or block certain source port numbers. They are a TCP bookkeeping number only, not related at all to security or the type of service being used. Note, this is different than the destination port, which is usually correlated directly with the type of service being used (e.g. 80 is HTTP, 25 is SMTP, 143 is IMAP, etc.). When you make a TCP connection to a different host, you specify the host address and the destination port number. You don't specify the source port number.

jfriend00
  • In my case the source port is relevant as well because of restrictive firewall rules (not defined by me, which means that I cannot alter those). So in my case (based on the article you shared), the port range from "cat /proc/sys/net/ipv4/ip_local_port_range" (Linux) needs to be allowed by the firewall in order for the client to work properly. Am I right? – cool Jun 01 '15 at 23:08
  • 2
    @cool - are you 100% sure that the source port is restricted by the firewall? It is very common for the destination port to be restricted, but not common to restrict the source port at all (since the source port is not related to security and is a random value selected by the host OS making the connection). In fact, blocking source port numbers that are regularly assigned to outgoing TCP connections would make lots of things not work if the source port was restricted (including internet browsing). – jfriend00 Jun 01 '15 at 23:27
  • @cool - do you perhaps need to configure your client to use an internal proxy in order to legitimately traverse the firewall? – jfriend00 Jun 01 '15 at 23:32
  • Honestly I'm 99% sure, because everything relies within the internal network (except the TCP server I mentioned above). Firewall rules are not at the level of the machine (Linux) where the client is going to reside; they have some kind of other (to me unknown) system for handling security at the level above a single VM (probably handling several VMs within that internal network; please note that I'm guessing because I am not the one who is handling that), and it is really strict. So from my perspective I want to deliver a port range which I know that nodejs will use :) – cool Jun 01 '15 at 23:37
  • btw the article you shared was really helpful – cool Jun 01 '15 at 23:39
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/79372/discussion-between-cool-and-jfriend00). – cool Jun 01 '15 at 23:41
  • 3
    If your net admin has defined source port rules he should remove them. They provide precisely nothing in the way of security, and merely add cost, risk, and latency to applications. This should not be tolerated for a moment. – user207421 Jun 01 '15 at 23:49
0

The selected answer provides a lot of info, but does not deal with the underlying problem. Node does not appear to allow https.request to specify a port for the client. There exist localAddress and localPort options, but they appear to be broken.

I've opened a new question on this issue. Hopefully someone will answer with something other than "just don't do that."

Is there a way to set the source port for a node js https request?

user3356715
  • I don't think that we are talking about the same topic. In my humble opinion the answer from @jfriend00 covered everything. My question was related mostly to a raw TCP connection, which is quite different from the "https" module and using it as that before the TCP level. – cool Apr 13 '16 at 19:38
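
As an added example (not code from the question or from either answer), the script below uses the `net` module the question asks about: it connects once with an OS-chosen source port and once with the `localPort` option of `net.connect`, and a constructed loopback server reports the source port it observed. The helper names (`ephemeralRange`, `connectFrom`, `freePort`, `demo`) and the loopback server are assumptions made for the illustration.

```javascript
const net = require('net');
const fs = require('fs');

// Linux publishes the range used for OS-chosen source ports here; null elsewhere.
function ephemeralRange() {
  try {
    const text = fs.readFileSync('/proc/sys/net/ipv4/ip_local_port_range', 'utf8');
    const [low, high] = text.trim().split(/\s+/).map(Number);
    return { low, high };
  } catch (err) { return null; }
}

// Connect to 127.0.0.1:port; resolve with the source port seen locally and by the peer.
// When localPort is given, the socket is bound to it instead of an OS-chosen port.
function connectFrom(port, localPort) {
  return new Promise((resolve, reject) => {
    const opts = { host: '127.0.0.1', port };
    if (localPort !== undefined) opts.localPort = localPort;
    let local;
    let reply = '';
    const sock = net.connect(opts, () => { local = sock.localPort; });
    sock.setEncoding('utf8');
    sock.on('data', (chunk) => { reply += chunk; });
    sock.on('error', reject);
    sock.on('close', () => resolve({ local, seenByServer: Number(reply) }));
  });
}

// Ask the OS for a currently free port by listening on port 0, then release it.
function freePort() {
  return new Promise((resolve) => {
    const probe = net.createServer().listen(0, '127.0.0.1', () => {
      const { port } = probe.address();
      probe.close(() => resolve(port));
    });
  });
}

async function demo() {
  // Constructed loopback server: replies with the source port it observed.
  const server = net.createServer((c) => c.end(String(c.remotePort)));
  await new Promise((done) => server.listen(0, '127.0.0.1', done));
  const { port } = server.address();
  const pinned = await freePort();
  const osChosen = await connectFrom(port);      // OS picks the source port
  const fixed = await connectFrom(port, pinned); // client pins the source port
  await new Promise((done) => server.close(done));
  return { range: ephemeralRange(), pinned, osChosen, fixed };
}
const run = demo();
run.then((result) => console.log(result));
```

On Linux, `range` holds the contents of `/proc/sys/net/ipv4/ip_local_port_range`, which is the range a source-port firewall rule would have to cover for OS-chosen ports. A pinned source port permits only one live connection at a time to a given server address and port, because the four-tuple must be unique.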