Can the use of Ephemeral ports be disabled?
Posted by:
Mark Blake
Date: March 31, 2014 12:15AM
I would like to know if it's possible for the MySQL server to be configured so that the TCP/IP remotely connected clients maintain their session on the normal listening port of 3306, instead of switching over to the ephemeral ports?
Why?
- because I have 44 MySQL client devices co-located in universities & govt depts across the country, each connecting to a Linux MySQL server in my office (behind a NAT/router).
- one of my sites has blocked my client from using the ephemeral port ranges, so it connects on 3306, does its business, disappears, then creates a new connection 5 mins later, eventually using up my max users limit, and filling my logs unnecessarily.
- they won't update their firewall to allow this. I don't actually understand why not, as many protocols use ephemeral ports to maintain connections and our server is trusted by them (as they specifically allow the client to outward connect on 3306), and every other site allows this.
- their security dept says that I should be able to configure MySQL to maintain client sessions on 3306, so that the ephemeral ports are not required.
- they also say that this is not a problem as maximum clients connected won't ever exceed about 60.
- I am a one person IT department and wrapping my head around all of this is new territory for me. :-)