RE: 2.2.19 kernel and masquerading question

To: Peter Mueller <pmueller@xxxxxxxxxxxx>
Subject: RE: 2.2.19 kernel and masquerading question
Cc: "'lvs-users@xxxxxxxxxxxxxxxxxxxxxx'" <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>, Wayne <wayne@xxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 1 Nov 2001 23:13:55 +0000 (GMT)

        Hello,

On Thu, 1 Nov 2001, Peter Mueller wrote:

> |> > >> The comment seems to imply that I could widen or
> |> > >> move the range [PORT_MASQ_BEGIN, PORT_MASQ_END] as
> |> > >> long as it starts above 32 k and ends below 64 k.
>
> |> Make sure /proc/sys/net/ipv4/ip_local_port_range does not
> |> collide with the masquerade range and hope that you don't break
> |> some of your services that try to bind to specific ports in
> |> your new masq range (passive ftp is most suspected).
>
> this is pretty interesting.  what are the /proc or sysctl settings for masq
> range, I thought it used local dynamic port range (!?!)

        No, maybe this is true in 2.4. In 2.2 the local_port_range
and the masq port range should not collide because nobody checks
for such a collision. The only check is in af_inet.c, and explicit
binding to a masq port is not allowed. It is assumed that
autobinding does not select a masq port. So both port ranges
should be separated. The mentioned recommendation for mport range
1024..65000 is dangerous. It may work but unexpected things can
happen. And there are no /proc values for the masq port range.

Regards

--
Julian Anastasov <ja@xxxxxx>
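
One way to check the separation described in the message above, as an added example that is not part of the original post or of the LVS or kernel sources: the function names and exit codes are assumptions of this sketch, and the masq range has to be passed in by hand (from the PORT_MASQ_BEGIN and PORT_MASQ_END values the kernel was built with) because there are no /proc values for it.

```shell
#!/bin/sh
# Added example: verify that the autobind (local) port range and the
# masquerade port range are disjoint. Function names are hypothetical.

# Succeeds (0) when [lo1,hi1] and [lo2,hi2] share at least one port.
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Succeeds when every argument is a decimal port number in 1..65535.
valid_ports() {
    for p in "$@"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# check_masq_collision MASQ_BEGIN MASQ_END [RANGE_FILE]
# Returns 0 = ranges disjoint, 1 = collision, 2 = unreadable or bad input.
check_masq_collision() {
    masq_lo=$1 masq_hi=$2
    file=${3:-/proc/sys/net/ipv4/ip_local_port_range}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # The file holds two whitespace-separated numbers: low high.
    read -r local_lo local_hi _rest < "$file" || true
    if ! valid_ports "$masq_lo" "$masq_hi" "$local_lo" "$local_hi" ||
       [ "$masq_lo" -gt "$masq_hi" ] || [ "$local_lo" -gt "$local_hi" ]; then
        echo "bad range: masq=$masq_lo-$masq_hi local=$local_lo-$local_hi" >&2
        return 2
    fi
    if ranges_overlap "$local_lo" "$local_hi" "$masq_lo" "$masq_hi"; then
        echo "COLLISION: local $local_lo-$local_hi overlaps masq $masq_lo-$masq_hi"
        return 1
    fi
    echo "ok: local $local_lo-$local_hi and masq $masq_lo-$masq_hi are disjoint"
}

# Stand-alone use: sh check.sh MASQ_BEGIN MASQ_END [RANGE_FILE]
if [ "$#" -ge 2 ]; then
    check_masq_collision "$@"
fi
```

Run it again after any change to ip_local_port_range or after rebuilding the kernel with a different masq range, since neither side checks the other.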


