Date: Fri, 12 Dec 2003 02:45:19 -0500
From: Barney Wolff
To: Brett Glass
cc: net@freebsd.org
Subject: Re: Controlling ports used by natd
Message-ID: <20031212074519.GA23452@pit.databus.com>
In-Reply-To: <200312120312.UAA10720@lariat.org>
List-Id: Networking and TCP/IP with FreeBSD

On Thu, Dec 11, 2003 at 08:12:49PM -0700, Brett Glass wrote:
> Is there a way to control the range of ports to which FreeBSD's
> natd maps outgoing connections? I'm attempting to deal with a
> situation in which natd is (sometimes) changing outgoing UDP
> packets' source port numbers to ones which are commonly used
> by worms. Sometimes, a firewall at the destination blocks the
> packet; at other times, the response is blocked on the way
> back.
>
> If it is possible to tell natd to avoid using ports that are
> firewalled, it ought to be possible to avoid this problem. But
> I can find no way to do this. Does one exist?

UTSL libpcap/alias_db.c

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.