Re: Controlling ports used by natd

From: Brett Glass (brett_at_lariat.org)
Date: 12/12/03

    Date: Fri, 12 Dec 2003 10:41:50 -0700
    To: Barney Wolff <barney@databus.com>
    
    

    At 01:35 AM 12/12/2003, Barney Wolff wrote:

    >Oops, sorry for the confusion. How fancy a change is up to you,
    >but changing ALIAS_PORT_BASE and ALIAS_PORT_MASK (and _EVEN)
    >would let you confine the port range without much work.

    The current algorithm works so long as the blocked ports have
    numbers less than 32768. But there are now lots of Trojans and
    worms that use higher ports, and admins may want to block them.
    So, there ought to be a way to tell libalias "don't assign anything
    in this set of ports" -- via a list or a bitmap.

    If one can tap directly into libalias and make this a global
    restriction, it might be that other programs (e.g. ppp) could
    remain blissfully ignorant of it. If the restrictions were allowed
    to be different for different instances of programs that used
    libalias (for example, several instances of natd, each handling
    an interface with unique restrictions), one would have to modify
    the API of libalias, which might break code if not done carefully.

    --Brett

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
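
The bitmap idea from the message above, sketched as an added example; it is not part of the original post and not libalias code. The `port_filter` struct and the `pf_*` and `pick_alias_port` names are hypothetical, the two constants are assumed values matching the 32768 boundary mentioned in the post, and the in-use check a real allocator needs is omitted.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed values: a 32768-port window starting at 32768, consistent with
 * the post's remark that ports below 32768 are never chosen today. */
#define ALIAS_PORT_BASE 0x8000
#define ALIAS_PORT_MASK 0x7fff

/* Hypothetical state: one bit per port, 1 = never assign as an alias.
 * One shared instance gives the global restriction; one per natd
 * instance gives the per-interface variant discussed in the post. */
struct port_filter { uint8_t blocked[65536 / 8]; };

static void pf_init(struct port_filter *pf) { memset(pf, 0, sizeof(*pf)); }

static void pf_block_range(struct port_filter *pf, unsigned lo, unsigned hi)
{
    for (unsigned p = lo; p <= hi && p <= 65535; p++)
        pf->blocked[p >> 3] |= (uint8_t)(1u << (p & 7));
}

static int pf_is_blocked(const struct port_filter *pf, unsigned port)
{
    return (pf->blocked[port >> 3] >> (port & 7)) & 1;
}

/* Start at a random offset inside the window and walk forward, wrapping,
 * until a port that is not blocked turns up. Returns 0 when the whole
 * window is blocked so the caller can fail the translation cleanly. */
static unsigned pick_alias_port(const struct port_filter *pf, unsigned rnd)
{
    unsigned start = rnd & ALIAS_PORT_MASK;
    for (unsigned i = 0; i <= ALIAS_PORT_MASK; i++) {
        unsigned port = ALIAS_PORT_BASE + ((start + i) & ALIAS_PORT_MASK);
        if (!pf_is_blocked(pf, port))
            return port;
    }
    return 0;
}

int main(void)
{
    struct port_filter pf;
    pf_init(&pf);
    pf_block_range(&pf, 40000, 40010);  /* constructed sample block list */
    srand(1);
    printf("alias port: %u\n", pick_alias_port(&pf, (unsigned)rand()));
    return 0;
}
```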

