Source port translation only
Nejc Škoberne
nejc at skoberne.net
Tue Jun 19 11:32:00 UTC 2012
Hi,
> Push net.inet.ip.portrange.reservedhigh 1023 -> 2048 ?
>
> - and -
>
> Adjust net.inet.ip.portrange.last net.inet.ip.portrange.first lower ?
this is only relevant for hosts, which are sourcing the packets, not for
the gateway devices. I want to have a NAT device/gateway which would
port-restrict original packets, sources from unchanged (normal) end hosts.
> Don't have a clue why on earth you would want to do this though.
A NAT device like this is one of the parts of the design of a new A+P
IPv4 address sharing mechanism, which I am working on. Currently, we
already have a bunch of v4 address sharing mechanisms (some of them
being currently worked on in the IETF). Let me know if you're interested
in more details.
Sure, port exhaustion is one of the problems of A+P v4 address sharing
mechanisms, as already noted in RFC6346.
Thanks,
Nejc
More information about the freebsd-pf
mailing list