At 10:18 PM 11/1/2001 +0000, Julian Anastasov wrote:
> Hello,
>
>On Thu, 1 Nov 2001, Wayne wrote:
>
>> >> The comment seems to imply that I could widen or
>> >> move the range [PORT_MASQ_BEGIN, PORT_MASQ_END] as
>> >> long as it starts above 32 k and ends below 64 k.
>> >
>> > Yes. Even 2.4 sometimes selects 32768..61000
>>
>> Thanks. What about using a larger than 32k range?
>
> Yes - this is your box. You should be careful whether
>some ftp or other services use the same range because if you
Very good point. If I make that to be a large number, how
could I make that peacefully stay in the same box to handle
both masq and passive FTP?
>extend the masq port range you will not be able to bind TCP and
>UDP sockets to these ports. But you can increase the
>PORT_MASQ_MUL value to 100 or even 1000. Then you need only
>memory chips. You need wider masq range only for UDP sockets
>that don't use the default value 0 for
>/proc/sys/net/ipv4/ip_masq_udp_dloose
>For TCP the masq port range defines from how many ports you can
>connect to same remote server. In all other cases you need just
>to play with PORT_MASQ_MUL.
>
>> What would be the maximum range I could select?
>> Are they different between 2.2 and 2.4?
>
> Who cares? The sockets can't bind to these mports.
>Make sure /proc/sys/net/ipv4/ip_local_port_range does not
>collide with the masquerade range and hope that you don't break
>some of your services that try to bind to specific ports in
>your new masq range (passive ftp is most suspected).
>
>Regards
>
>--
>Julian Anastasov <ja@xxxxxx>
Thanks, Julian.
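
Added example, not part of the original messages: a shell check for the collisions discussed above, comparing a candidate masquerade range against ip_local_port_range and any port ranges that local services bind to. The masq range, the passive FTP range and the fallback local range are constructed sample values, the function names are hypothetical, and all ranges are treated as inclusive.

```shell
#!/bin/sh
# Added example: check a candidate masquerade port range for collisions
# with the local (ephemeral) port range and with service port ranges.
# Ranges are inclusive; all numeric sample values below are constructed.

# overlaps LO1 HI1 LO2 HI2 -> exit 0 if the two inclusive ranges intersect
overlaps() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_masq MASQ_LO MASQ_HI LOCAL_LO LOCAL_HI [NAME:LO-HI ...]
# Prints one line per collision; exit status 1 if any collision was found.
check_masq() {
    masq_lo=$1 masq_hi=$2 local_lo=$3 local_hi=$4
    shift 4
    rc=0
    if overlaps "$masq_lo" "$masq_hi" "$local_lo" "$local_hi"; then
        echo "ip_local_port_range $local_lo-$local_hi overlaps masq range $masq_lo-$masq_hi"
        rc=1
    fi
    for svc in "$@"; do
        name=${svc%%:*}      # text before the first ':'
        range=${svc#*:}      # "LO-HI"
        lo=${range%-*}
        hi=${range#*-}
        if overlaps "$masq_lo" "$masq_hi" "$lo" "$hi"; then
            echo "$name $lo-$hi overlaps masq range $masq_lo-$masq_hi"
            rc=1
        fi
    done
    return $rc
}

# Use the live sysctl when readable, otherwise a constructed sample value.
if [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
    read -r LOCAL_LO LOCAL_HI < /proc/sys/net/ipv4/ip_local_port_range
else
    LOCAL_LO=1024 LOCAL_HI=4999
fi

# Candidate masq range 40000-61000 and a passive FTP range 49152-49999 as
# it might be configured in an FTP daemon (both constructed for the demo).
check_masq 40000 61000 "$LOCAL_LO" "$LOCAL_HI" "passive-ftp:49152-49999" || true
```

The masq range itself is a compile-time setting (PORT_MASQ_BEGIN, PORT_MASQ_END), so the candidate values are passed in by hand rather than read from the running kernel.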