Home » Mailing list archives » openbsd-misc » 2007 » June » 13

Re: Sometime NAT, sometimes NOT?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Stuart Henderson <stu@...>
To: Geraerts Andy <Andy.Geraerts@...>
Cc: <misc@...>, Brian A. Seklecki <lavalamp@...>
Subject: Re: Sometime NAT, sometimes NOT?
Date: Wednesday, June 13, 2007 - 5:48 am

On 2007/06/13 11:12, Geraerts Andy wrote:


Yes, you have run out of available ports to NAT from.


The straightforward answer is to NAT from a larger pool of addresses

i.e.  nat ... -> { 1.1.1.1, 2.2.2.2, 3.3.3.0/24}


The 50001:65535 range is set in /usr/src/sbin/pfctl/pfctl_parser.c

(PF_NAT_PROXY_PORT_LOW and ..._HIGH) which might give some opportunity

to shoot yourself in the foot (especially if you don't bother to make

related changes to sysctl net.inet.ip.port* to keep some hiports free

for connections from the box itself).
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Re: Sometime NAT, sometimes NOT?, Geraerts Andy, (Wed Jun 13, 5:12 am)
Re: Sometime NAT, sometimes NOT?, Stuart Henderson, (Wed Jun 13, 5:48 am)
Re: Sometime NAT, sometimes NOT?, Peter N. M. Hansteen, (Wed Jun 13, 5:20 am)