Hello,
On Thu, 1 Nov 2001, Wayne wrote:
> >> The comment seems to imply that I could widen or
> >> move the range [PORT_MASQ_BEGIN, PORT_MASQ_END] as
> >> long as it starts above 32 k and ends below 64 k.
> >
> > Yes. Even 2.4 sometimes selects 32768..61000
>
> Thanks. What about using larger than 32k range?
Yes - this is your box. You should be careful whether
some ftp or other services use the same range because if you
extend the masq port range you will not be able to bind TCP and
UDP sockets to these ports. But you can increase the
PORT_MASQ_MUL value to 100 or even 1000. Then you need only
memory chips. You need wider masq range only for UDP sockets
that don't use the default value 0 for
/proc/sys/net/ipv4/ip_masq_udp_dloose
For TCP the masq port range defines from how many ports you can
connect to the same remote server. In all other cases you need just
to play with PORT_MASQ_MUL.
> What would be the maximum range I could select?
> Are they different between 2.2 and 2.4?
Who cares? The sockets can't bind to these mports.
Make sure /proc/sys/net/ipv4/ip_local_port_range does not
collide with the masquerade range and hope that you don't break
some of your services that try to bind to specific ports in
your new masq range (passive ftp is most suspected).
Regards
--
Julian Anastasov <ja@xxxxxx>
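
The collision check recommended in the reply above, as an added example that is not part of the original mail: it tests a proposed masquerade range against ip_local_port_range and against TCP listeners found in /proc/net/tcp-format text. The function names, the proposed range 50000-65000 and the sample socket table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original mail. The sample table is constructed.

# ranges_overlap LO1 HI1 LO2 HI2: succeeds if the inclusive ranges intersect.
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# ports_in_range BEGIN END STATE: reads /proc/net/tcp-format text on stdin,
# prints local ports (decimal) within BEGIN..END whose state column is STATE.
ports_in_range() {
    awk -v lo="$1" -v hi="$2" -v st="$3" '
    function hex2dec(h,   i, n) {          # portable: no gawk strtonum()
        h = toupper(h); n = 0
        for (i = 1; i <= length(h); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(h, i, 1)) - 1
        return n
    }
    $2 ~ /:[0-9A-Fa-f]+$/ && $4 == st {    # skips the header line
        k = split($2, a, ":"); p = hex2dec(a[k])
        if (p >= lo && p <= hi) print p
    }' | sort -n | uniq
}

# check_masq_range BEGIN END LOCAL_LO LOCAL_HI: socket table on stdin.
# Returns 1 if the local port range or any TCP listener (state 0A) collides.
check_masq_range() {
    rc=0
    if ranges_overlap "$1" "$2" "$3" "$4"; then
        echo "ip_local_port_range $3-$4 overlaps masq range $1-$2"; rc=1
    fi
    for p in $(ports_in_range "$1" "$2" 0A); do
        echo "TCP listener on port $p is inside masq range $1-$2"; rc=1
    done
    return $rc
}

# Constructed sample: listeners on 21, 50000, 54321; one established socket.
SAMPLE_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when
   0: 00000000:0015 00000000:0000 0A 00000000:00000000 00:00000000
   1: 00000000:C350 00000000:0000 0A 00000000:00000000 00:00000000
   2: 00000000:D431 00000000:0000 0A 00000000:00000000 00:00000000
   3: 0100007F:EE49 0100007F:0050 01 00000000:00000000 00:00000000'

# On a live box:  read lo hi < /proc/sys/net/ipv4/ip_local_port_range
#                 check_masq_range 50000 65000 "$lo" "$hi" < /proc/net/tcp
printf '%s\n' "$SAMPLE_TCP" | check_masq_range 50000 65000 32768 61000 || true
```

Running the same check against /proc/net/udp with the state a bound UDP socket shows there covers the UDP side of the warning.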