Date: Thu, 26 May 2005 13:37:44 -0700
From: perikillo <perikillo@gmail.com>
To: freebsd-questions@freebsd.org
Subject: about sysctl ip.portrange.x options?
Message-ID: <51d7a51605052613374188d74f@mail.gmail.com>
Hi all,

I have some firewalls on FreeBSD 4.11-p9 with ipfilter + ipnat. My ipnat.rules file has this:

    map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
    map tun0 0/0 -> 0/32 portmap tcp/udp 20000:60000
    map tun0 0/0 -> 0/32

Here it is supposed that ipnat is going to use the port range 20000 to 60000 on my client connections. My firewalls are not running any services, only firewall + router. Then, after checking the sysctl options:

    test$ sysctl -a

I see some options:

    net.inet.ip.portrange.lowfirst:1023
    net.inet.ip.portrange.lowlast:600
    net.inet.ip.portrange.first:1024
    net.inet.ip.portrange.last:5000
    net.inet.ip.portrange.hifirst:49152
    net.inet.ip.portrange.hilast:65535
    net.inet.ip.portrange.fastforwarding:0

A) What is the meaning of fastforwarding? When is the best situation to use this option?

B) I am not running any services, so I think lowfirst and lowlast never come into action; can I then live with their default values?

C) Now the other values: which values are recommended for a firewall system? Are they OK, or can I use another range?

Those are all my doubts; I will appreciate any link or information about this.

Thanks to all.