Hello Dan,
On Sat, 6 May 2000, Dan wrote:
> Hi Julian:
>
> Based on your table size comment, I went back to the code &
> found this:
>
> include/net/ip_masq.h:#define PORT_MASQ_BEGIN 61000
> include/net/ip_masq.h:#define PORT_MASQ_END (PORT_MASQ_BEGIN+4096)
>
> There's my "around 4000" connections. Now I just need to figure
> out the implications of mucking with these guys...wheeee!
Now I see how broken the PORT_MASQ_BEGIN .. PORT_MASQ_END
calculations are. The problem is that port PORT_MASQ_END is accounted
for in some checks but in other checks it is not accounted for :):):)
In some places port 65096 is included in the reserved range
but in other places it is not included :) The result: port 65096
is not used by the masquerading but you can't bind to it :)
But this is another problem and may not be so fatal.

If you flood one external service it will be very difficult
to shrink the reserved range. Each internal host autobinds to
ports 1024..4999 by default. If all internal hosts flood one external
service you have to expand the reserved masq range to 7*3976 ports,
i.e. 27832 ports. But this is related to the rate of the requests.

I'm still waiting for your picture :)
Regards
--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
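
The boundary mismatch and the sizing arithmetic from the message above, as an added example that is not part of the original mail and not the kernel's own code. The two check functions are hypothetical stand-ins, and which one treats PORT_MASQ_END as inclusive is an assumption chosen to reproduce the described result; the host count 7 and the 1024..4999 autobind range are taken from the message.

```c
#include <stdio.h>

/* Values quoted from include/net/ip_masq.h in the message above. */
#define PORT_MASQ_BEGIN 61000
#define PORT_MASQ_END   (PORT_MASQ_BEGIN + 4096)

/* Hypothetical check A: the masq port allocator treats END as exclusive. */
static int masq_can_allocate(int port)
{
    return port >= PORT_MASQ_BEGIN && port < PORT_MASQ_END;
}

/* Hypothetical check B: the local bind path treats END as inclusive. */
static int bind_is_refused(int port)
{
    return port >= PORT_MASQ_BEGIN && port <= PORT_MASQ_END;
}

/* Sweep every port and count those that local sockets cannot bind to
 * although masquerading never hands them out. The first such port is
 * stored in *first when first is non-NULL. */
static int count_orphan_ports(int *first)
{
    int n = 0;
    for (int p = 0; p <= 65535; p++) {
        if (bind_is_refused(p) && !masq_can_allocate(p)) {
            if (n == 0 && first)
                *first = p;
            n++;
        }
    }
    return n;
}

/* Worst case: every internal host uses its whole autobind range
 * lo..hi (inclusive) against one external service. */
static long masq_ports_needed(int hosts, int lo, int hi)
{
    return (long)hosts * (hi - lo + 1);
}

int main(void)
{
    int first = -1;
    int n = count_orphan_ports(&first);
    printf("orphan ports: %d (first: %d)\n", n, first);
    printf("masq ports needed: %ld\n", masq_ports_needed(7, 1024, 4999));
    return 0;
}
```

A sweep like this over the two predicates is a quick way to confirm that every range check in a code path agrees on whether the upper bound is inclusive.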