grepplabs / kafka-proxy

Proxy connections to Kafka cluster. Connect through SOCKS Proxy, HTTP Proxy or to cluster running in Kubernetes.
Apache License 2.0

Restricting the ports for outgoing connection to a range of pre-defined ports #78

Closed KishanKishore closed 3 years ago

KishanKishore commented 3 years ago

Hi, is there a way to restrict the ports used for outgoing connections when starting the Kafka Proxy server? I am specifying the bootstrap server using the --bootstrap-server-mapping option and tried to use the --dynamic-listeners-disable and --dynamic-sequential-min-port options, but these didn't seem to help. I have a firewall that blocks all outgoing connections by default and I have allowed port 9092, but I get the following error:

Reading data from destination_ip_address:destination_port had error: read tcp source_ip_address:source_port->destination_ip_address:destination_port: wsarecv: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

This is because the Read TCP operation is happening on a random port that is blocked.

Update 1: After reading some code, I found that the --dynamic-sequential-min-port parameter is being used to create servers/listeners using the net.Listen method. So from what I understand, this parameter is irrelevant to my problem. Can someone confirm?

everesio commented 3 years ago

Hi,

Indeed --dynamic-sequential-min-port applies only to the server listener.

An outgoing connection uses an ephemeral port on the client side (kafka proxy) when connecting to the kafka broker. The TCP port range can be set globally by changing kernel parameters.

Probably you should check or change your firewall rules to filter destination and not source port for outgoing connections.
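
The source-port versus destination-port distinction discussed in this thread, as an added Go example (not part of the thread and not kafka-proxy code). The loopback "broker" listener and the helper names `startBroker` and `dialPorts` are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net"
)

// startBroker opens a stand-in "broker" listener (constructed for this example) on an OS-chosen loopback port.
func startBroker() (net.Listener, int, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, 0, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			c.Close()
		}
	}()
	return ln, ln.Addr().(*net.TCPAddr).Port, nil
}

// dialPorts connects to addr and returns the connection's source and destination ports.
// With local == nil the kernel picks an ephemeral source port; otherwise the source side binds to local.
func dialPorts(addr string, local *net.TCPAddr) (src, dst int, err error) {
	d := net.Dialer{}
	if local != nil {
		d.LocalAddr = local
	}
	conn, err := d.Dial("tcp", addr)
	if err != nil {
		return 0, 0, err
	}
	defer conn.Close()
	return conn.LocalAddr().(*net.TCPAddr).Port, conn.RemoteAddr().(*net.TCPAddr).Port, nil
}

func main() {
	ln, port, err := startBroker()
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	src, dst, err := dialPorts(fmt.Sprintf("127.0.0.1:%d", port), nil)
	fmt.Println("source port:", src, "destination port:", dst, "err:", err)
}
```

Only the destination port is fixed by the target address, which is why an egress rule keyed on the destination port matches every such connection. Setting `LocalAddr` on a `net.Dialer` is a general Go facility; nothing in this thread says kafka-proxy exposes an option for it.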