Re: Controlling ports used by natd

From: Mike Silbersack (silby_at_silby.com)
Date: 12/23/03

    Date: Mon, 22 Dec 2003 18:33:31 -0600 (CST)
    To: Brett Glass <brett@lariat.org>
    
    

    On Fri, 12 Dec 2003, Brett Glass wrote:

    > net.inet.ip.portrange.lowfirst: 1023
    > net.inet.ip.portrange.lowlast: 600
    > net.inet.ip.portrange.first: 1024
    > net.inet.ip.portrange.last: 5000
    > net.inet.ip.portrange.hifirst: 49152
    > net.inet.ip.portrange.hilast: 65535
    >
    > Why is "lowfirst" greater than "lowlast" above?

    That's just an implementation issue, nothing major. The port choosing
    algorithm can handle both the cases where first > last and last > first,
    and someone put the low ports in that order.

    > It is also interesting that natd doesn't respect the
    > "hifirst..hilast" settings here. Shouldn't it look at
    > these variables and avoid assigning ports that the
    > machine on which it's running would not use? Or should
    > there be a "net.inet.alias.portrange.first", etc., so
    > that one could specify the ranges or lists for everything
    > in one place?

    The high range is really a "feature" added for ftpd's sake, if you take a
    look back through the cvs history. There's no problem with the normal and
    high ranges overlapping; -current uses 49152-65535 for both.

    Mike "Silby" Silbersack
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
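
Added example, not part of the original message and not FreeBSD's kernel code: a simplified sequential port picker that walks from `first` toward `last` in whichever direction that lies, which is why `lowfirst: 1023` with `lowlast: 600` works as well as `first: 1024` with `last: 5000`. The function names, the cursor argument and the busy-port list are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: ports treated as already bound. */
static const int busy_ports[] = { 1023, 1022, 600, 1024, 1025 };

static bool port_in_use(int port)
{
    for (size_t i = 0; i < sizeof busy_ports / sizeof busy_ports[0]; i++)
        if (busy_ports[i] == port)
            return true;
    return false;
}

/*
 * Scan from `first` towards `last`, whichever direction that is, starting
 * after *cursor (the last port handed out) and wrapping back to `first`.
 * Returns a free port, or -1 when every port in the range is taken.
 */
static int pick_port(int first, int last, int *cursor)
{
    int step = (first > last) ? -1 : 1;          /* count down or up */
    int lo = (first < last) ? first : last;
    int hi = (first < last) ? last : first;
    int tries = hi - lo + 1;                     /* bound the search */

    while (tries-- > 0) {
        int candidate = *cursor + step;
        if (candidate < lo || candidate > hi)    /* fell off the range: wrap */
            candidate = first;
        *cursor = candidate;
        if (!port_in_use(candidate))
            return candidate;
    }
    return -1;                                   /* range exhausted */
}

int main(void)
{
    int low_cursor = 0, normal_cursor = 0;       /* 0 = nothing allocated yet */
    printf("low:    %d\n", pick_port(1023, 600, &low_cursor));
    printf("normal: %d\n", pick_port(1024, 5000, &normal_cursor));
    return 0;
}
```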

