Linux – Why doesn’t Linux use the IANA Ephemeral port range

Tags: ip, linux, tcp

According to Wikipedia

The Internet Assigned Numbers Authority (IANA) suggests the range 49152 to 65535 for dynamic or private ports. Many Linux kernels use the port range 32768 to 61000.

Even though there seems to be some historical deviation from IANA's suggested range, it seems awkward that Windows Vista, Windows 7, Windows Server 2008, FreeBSD 4.6+ and many others all have agreed upon this range and yet Linux still stands out.

Looking into it though, lo and behold:

$ cat /proc/sys/net/ipv4/ip_local_port_range 
32768   61000

Why hasn't Linux adopted the standard range?

Best Answer

There was a time when IANA only assigned ports up to 1023. See RFC1700. At one time this was a standard. Most of the time I have no trouble finding when things change in the stream of RFCs, but for the question of changing ports from 1024 to 49152 from registered to assigned I came up short.

In terms of Linux history, there was a question raised about the default ip_local_port_range in 2007. At that time it was decided to use the Linux range you mention for fear that high port numbers might cause problems and beginning the range at 49152 might leave too few port numbers in the pool. See this and its thread. The expressed thought at the time was that beginning at 32768 was within the spirit of the IANA's procedures, if not fully conformant. In reading this I infer that the developers assumed most assignments would occur from the bottom of the range and move up. At this writing I count a little more than 100 port numbers assigned (not counting different protocols as separate) between 32768 and 49152, so that has held up pretty well over the last five years.

I don't know why the range was considered too small, but I can imagine two reasons:

  1. Port numbers are randomized to thwart certain attacks. The more addresses in the pool, the better this defense can work.
  2. High activity servers might have trouble with port number exhaustion. While ports might be ephemeral, their use is not instantaneous. In particular sockets can last several minutes after TCP close.

This blog post touches on number 2, and suggests an answer should you wish your Linux systems to use a different range of local ports. (Using /etc/sysctl.d to define a range you like. There is also an ip_local_reserved_ports entry that may be of use if a particular conflict arises. These match up with the /proc/sys entry you quote.)

In summary, the Linux defaults don't match the current IANA specifications, but any particular Linux system can, if its owner desires.
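The pool-size argument and the sysctl.d approach from the answer above, worked through as an added example that is not part of the original question or answer. The script parses a range in the exact two-number format the kernel prints, compares the Linux default against the IANA range, counts what an ip_local_reserved_ports list would take out of the pool, and emits the sysctl.d line that would change the range. The values fed to it are typed in rather than read from a live system (it only reads /proc/sys when that file exists), and the file name /etc/sysctl.d/50-ephemeral.conf mentioned in the comments is an assumed name, not one from the page.

```shell
#!/bin/sh
# Added example, not code from the original Q&A.
# Works on "low high" strings in the format the kernel prints for
# /proc/sys/net/ipv4/ip_local_port_range, and on comma lists in the format
# accepted by /proc/sys/net/ipv4/ip_local_reserved_ports.

# Number of ports in an inclusive "low high" range string.
port_pool_size() {
    set -- $1
    echo $(( $2 - $1 + 1 ))
}

# A proposed range is sane only if it stays above the well-known ports,
# fits in 16 bits, and has low < high.
validate_range() {
    if [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -lt "$2" ]; then
        return 0
    fi
    return 1
}

# Count ports in a reserved list such as "8080,9000-9010" (a sysctl
# ip_local_reserved_ports value), so the remaining pool can be estimated.
reserved_count() {
    total=0
    for item in $(echo "$1" | tr ',' ' '); do
        case $item in
            *-*) lo=${item%-*}; hi=${item#*-}; total=$(( total + hi - lo + 1 )) ;;
            *)   total=$(( total + 1 )) ;;
        esac
    done
    echo "$total"
}

# The line to drop into a sysctl.d fragment (assumed name:
# /etc/sysctl.d/50-ephemeral.conf) so the range survives a reboot;
# apply it immediately with "sysctl -p <file>" or "sysctl --system".
sysctl_fragment() {
    printf 'net.ipv4.ip_local_port_range = %s %s\n' "$1" "$2"
}

main() {
    # Constructed inputs: the Linux default quoted in the question and the
    # IANA dynamic range quoted from Wikipedia.
    linux_default="32768 61000"
    iana_range="49152 65535"
    echo "Linux default pool : $(port_pool_size "$linux_default") ports"
    echo "IANA pool          : $(port_pool_size "$iana_range") ports"
    echo "reserved out of it : $(reserved_count '8080,9000-9010') ports"

    # Only read the live value where the file exists (Linux).
    if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        live=$(cat /proc/sys/net/ipv4/ip_local_port_range)
        echo "live range         : $live ($(port_pool_size "$live") ports)"
    fi

    # Refuse to emit a fragment for a nonsensical range.
    if validate_range 49152 65535; then
        echo "sysctl.d line for the IANA range:"
        sysctl_fragment 49152 65535
    fi
}

main
```

Run it as-is to see the arithmetic; to actually apply a new range, write the printed line into a file under /etc/sysctl.d and load it with sysctl. Note that shrinking the pool to the IANA range cuts the available ephemeral ports from 28233 to 16384, which is exactly the exhaustion concern raised in reason 2 above.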