about sysctl ip.portrange.x options?

perikillo perikillo at gmail.com
Thu May 26 13:37:46 PDT 2005


Hi all, I have some firewalls on FreeBSD 4.11-p9 with ipfilter + ipnat; my
ipnat.rules file has this:

map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/0 -> 0/32 portmap tcp/udp 20000:60000
map tun0 0/0 -> 0/32 

Here it is supposed that ipnat is going to use the port range 20000 to 60000 on
my client connections. My firewalls are not running any services, only
firewall + router. Then, after checking the sysctl options:

test$ sysctl -a

I see some options:

net.inet.ip.portrange.lowfirst:1023
net.inet.ip.portrange.lowlast:600
net.inet.ip.portrange.first:1024
net.inet.ip.portrange.last:5000
net.inet.ip.portrange.hifirst:49152
net.inet.ip.portrange.hilast:65535
net.inet.ip.portrange.fastforwarding:0

A) What is the meaning of fastforwarding? When is the best situation to use
this option?
B) I am not running any services, so lowfirst and lowlast, I think, never
go into action; then can I live with their default values?
C) Now the other values: which values are recommended for a firewall system?
Are they OK, or can I use another range?

Those are all my doubts; any link or information about this I will appreciate. Thanks to
all.
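
An added example, not part of the original post: a shell sketch that takes the `portmap` range from the ipnat rules and the `net.inet.ip.portrange.*` values quoted above and reports where the NAT range and each host port range overlap. The function names `portmap_range` and `port_overlaps` are made up for this example; the sample input is copied from the post.

```shell
#!/bin/sh
# Sample input, copied from the post above.
IPNAT_RULES='map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/0 -> 0/32 portmap tcp/udp 20000:60000
map tun0 0/0 -> 0/32'

SYSCTL_OUT='net.inet.ip.portrange.lowfirst:1023
net.inet.ip.portrange.lowlast:600
net.inet.ip.portrange.first:1024
net.inet.ip.portrange.last:5000
net.inet.ip.portrange.hifirst:49152
net.inet.ip.portrange.hilast:65535
net.inet.ip.portrange.fastforwarding:0'

# Print "LOW HIGH" for the first rule of the form "portmap <proto> LOW:HIGH".
# Rules without an explicit range (for example "portmap tcp/udp auto") are skipped.
portmap_range() {
    printf '%s\n' "$1" | awk '
        { for (i = 1; i + 2 <= NF; i++)
            if ($i == "portmap" && split($(i + 2), r, ":") == 2) {
                print r[1] + 0, r[2] + 0; exit
            }
        }'
}

# For each host range (low, default, hi) print: name min-max overlap|none.
# first/last are normalised to min/max because the low range counts downwards.
port_overlaps() {
    range=$(portmap_range "$1")
    [ -n "$range" ] || { echo "no portmap range found" >&2; return 1; }
    printf '%s\n' "$2" | awk -F'[:=] *' -v nat="$range" '
        BEGIN { split(nat, n, " ") }
        /portrange\.(low|hi)?(first|last)[:=]/ {
            grp = $1; sub(/.*portrange\./, "", grp); sub(/(first|last)$/, "", grp)
            if (grp == "") grp = "default"
            v = $2 + 0
            if (!(grp in lo)) { order[++cnt] = grp; lo[grp] = hi[grp] = v }
            if (v < lo[grp]) lo[grp] = v
            if (v > hi[grp]) hi[grp] = v
        }
        END {
            for (k = 1; k <= cnt; k++) {
                g = order[k]
                a = (lo[g] > n[1] + 0) ? lo[g] : n[1] + 0
                b = (hi[g] < n[2] + 0) ? hi[g] : n[2] + 0
                printf "%s %d-%d %s\n", g, lo[g], hi[g], (a <= b) ? a "-" b : "none"
            }
        }'
}

port_overlaps "$IPNAT_RULES" "$SYSCTL_OUT"
```

On a live system the two arguments would come from the ipnat rules file and from `sysctl net.inet.ip.portrange`.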

