about sysctl ip.portrange.x options?
perikillo
perikillo at gmail.com
Thu May 26 13:37:46 PDT 2005
Hi all, I have some firewalls on FreeBSD 4.11-p9 with ipfilter + ipnat; my
ipnat.rules file has this:
map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/0 -> 0/32 portmap tcp/udp 20000:60000
map tun0 0/0 -> 0/32
Here it is supposed that ipnat is going to use the port range 20000 to 60000
for my client connections. My firewalls are not running any services, only
firewall + router. Then, after checking the sysctl options:
test$ sysctl -a
I see some options:
net.inet.ip.portrange.lowfirst:1023
net.inet.ip.portrange.lowlast:600
net.inet.ip.portrange.first:1024
net.inet.ip.portrange.last:5000
net.inet.ip.portrange.hifirst:49152
net.inet.ip.portrange.hilast:65535
net.inet.ip.portrange.fastforwarding:0
A) What is the meaning of fastforwarding, and when is the best situation to
use this option?
B) I am not running any services, so I think lowfirst and lowlast never go
into action; can I then live with their default values?
C) Now the other values: which values are recommended for a firewall system?
Are they OK, or can I use another range?
Those are all my doubts; I will appreciate any link or information about
this. Thanks to all.