TCP/IP Connections to and from Low Numbered Ports Occasionally Hang (Solaris, IPSEC)
(Doc ID 1012141.1)
Last updated on SEPTEMBER 29, 2020
Applies to: Solaris Operating System - Version 10 3/05 and later
User applications that use RPC (remote procedure call), or that specifically bind to available low-numbered ports, suffer from intermittent connection failures.
Example applications in this category include NFS, Veritas NetBackup, rsh, rcp, and "all the RSHELL commands".
First, check all entries in /etc/inet/ipsecinit.conf for rules applying to services using privileged ports between 512 and 1023 (also any defined in ndd /dev/tcp tcp_extra_priv_ports).
[ Also check whether ipsecesp and ipsecah are present in the kernel (use modinfo -l); if they are not, then you have a different problem. ]
Verify that the services listed in ipsecinit.conf are indeed in use on the system by checking /etc/inetd.conf and netstat -an for listeners. If there is a listener, the programs mentioned above (casual users of low port numbers) will not be allowed to bind to the port, because it is already in use. This means they will never have their connections unexpectedly intercepted by IPsec; that is, you will not see this problem.
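The cross-check described above can be scripted. The following is an added example, not Oracle's code: it lists the ports that have an IPsec rule but no listener, which are the ports a casual low-port user can still bind to. The function names and both sample inputs are constructed for illustration, only numeric ports in rules are handled (service names are not resolved), and the extra ports passed as arguments stand in for whatever ndd /dev/tcp tcp_extra_priv_ports reports.

```shell
#!/bin/sh
# Added example. Both samples are constructed, not captured from a real host.
SAMPLE_POLICY='# constructed /etc/inet/ipsecinit.conf
{lport 513 ulp tcp} ipsec {auth_algs sha1 sa shared}
{lport 514 ulp tcp} ipsec {auth_algs sha1 sa shared}
{lport 23 ulp tcp} ipsec {auth_algs sha1 sa shared}
{lport 2049 ulp tcp} ipsec {auth_algs sha1 sa shared}
# {lport 1000 ulp tcp} ipsec {auth_algs sha1 sa shared}'

SAMPLE_NETSTAT='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.513                *.*                0      0 49152      0 LISTEN
      *.2049               *.*                0      0 49152      0 LISTEN
192.0.2.10.1021      192.0.2.20.514       49640      0 49640      0 ESTABLISHED'

# stdin: policy text; args: extra privileged ports.
# stdout: ports named by lport/rport/sport/dport that are in 512-1023 or in the extra list.
policy_priv_ports() {
  awk -v extra=" $* " '
    /^[ \t]*#/ { next }                      # skip comment lines
    { gsub(/[{}]/, " ")                      # braces would otherwise stick to tokens
      for (i = 1; i < NF; i++) {
        p = $(i + 1)
        if ($i ~ /^[lrsd]port$/ && p ~ /^[0-9]+$/ &&
            ((p + 0 >= 512 && p + 0 <= 1023) || index(extra, " " p " ")))
          print p
      } }' | sort -un
}

# stdin: Solaris "netstat -an" output; stdout: ports in LISTEN state.
# Solaris prints addresses as host.port, so the port is the last dot-separated field.
tcp_listen_ports() {
  awk '$NF == "LISTEN" { n = split($1, a, "."); print a[n] }' | sort -un
}

# $1: policy text, $2: netstat text, rest: extra privileged ports.
# stdout: ports with an IPsec rule but no listener holding the port.
unguarded_ports() {
  policy=$1 netstat_out=$2; shift 2
  for p in $(printf '%s\n' "$policy" | policy_priv_ports "$@"); do
    printf '%s\n' "$netstat_out" | tcp_listen_ports | grep -qx "$p" || echo "$p"
  done
}

unguarded_ports "$SAMPLE_POLICY" "$SAMPLE_NETSTAT" 2049 4045
```

On a live host, pass the contents of /etc/inet/ipsecinit.conf and the output of netstat -an in place of the samples.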