From: perikillo
To: freebsd-questions@freebsd.org
Date: Thu, 26 May 2005 13:37:44 -0700
Message-ID: <51d7a51605052613374188d74f@mail.gmail.com>
Subject: about sysctl ip.portrange.x options?

Hi all,

I have some firewalls on FreeBSD 4.11-p9 with ipfilter + ipnat. My ipnat.rules file has this:

map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/0 -> 0/32 portmap tcp/udp 20000:60000
map tun0 0/0 -> 0/32

Here it is supposed that ipnat is going to use the port range 20000 to 60000 on my client connections. My firewalls are not running any services, only firewall + router. Then, after checking the sysctl options:

test$ sysctl -a

I see some options:

net.inet.ip.portrange.lowfirst:1023
net.inet.ip.portrange.lowlast:600
net.inet.ip.portrange.first:1024
net.inet.ip.portrange.last:5000
net.inet.ip.portrange.hifirst:49152
net.inet.ip.portrange.hilast:65535
net.inet.ip.portrange.fastforwarding:0

A) What is the meaning of fastforwarding? When is the best situation to use this option?

B) I am not running any services, then I think lowfirst and lowlast never go into action, so can I live with their default values?

C) Now the other values: which values are recommended for a firewall system? Are they OK, or can I use another range?

Those are all my doubts; I will appreciate any link or information about this. Thanks to all.
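
The ranges quoted in the message can be compared mechanically. The following is an added example, not part of the original post: it parses the ipnat `portmap` clause and the `net.inet.ip.portrange` values as pasted above and reports where the NAT range intersects a range the host itself allocates local ports from. The function names are hypothetical and the sample input is copied from the message.

```python
import re

# Sample input: the rules and sysctl lines quoted in the message above.
IPNAT_RULES = """\
map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp
map tun0 0/0 -> 0/32 portmap tcp/udp 20000:60000
map tun0 0/0 -> 0/32
"""
SYSCTL_OUTPUT = """\
net.inet.ip.portrange.lowfirst:1023
net.inet.ip.portrange.lowlast:600
net.inet.ip.portrange.first:1024
net.inet.ip.portrange.last:5000
net.inet.ip.portrange.hifirst:49152
net.inet.ip.portrange.hilast:65535
net.inet.ip.portrange.fastforwarding:0
"""

def portmap_ranges(rules):
    """Return (lo, hi) for every 'portmap <proto> lo:hi' clause in ipnat map rules."""
    found = []
    for line in rules.splitlines():
        m = re.search(r"\bportmap\s+\S+\s+(\d+):(\d+)", line)
        if m:
            found.append(tuple(sorted((int(m.group(1)), int(m.group(2))))))
    return found

def kernel_ranges(sysctl_text):
    """Pair <name>first/<name>last entries into {name: (lo, hi)}.
    The low range is stored high-to-low (1023 down to 600), so each pair is sorted."""
    vals = {}
    pat = re.compile(r"net\.inet\.ip\.portrange\.(\w*?)(first|last)\s*[:=]\s*(\d+)\s*$")
    for line in sysctl_text.splitlines():
        m = pat.match(line.strip())
        if m:  # entries that are not a first/last bound are skipped
            vals.setdefault(m.group(1) or "default", {})[m.group(2)] = int(m.group(3))
    return {n: tuple(sorted((v["first"], v["last"])))
            for n, v in vals.items() if len(v) == 2}

def overlaps(rules, sysctl_text):
    """List (range_name, lo, hi) where a NAT portmap range intersects a kernel range."""
    hits = []
    for nat_lo, nat_hi in portmap_ranges(rules):
        for name, (k_lo, k_hi) in kernel_ranges(sysctl_text).items():
            lo, hi = max(nat_lo, k_lo), min(nat_hi, k_hi)
            if lo <= hi:
                hits.append((name, lo, hi))
    return hits

if __name__ == "__main__":
    for name, lo, hi in overlaps(IPNAT_RULES, SYSCTL_OUTPUT):
        print(f"portmap range intersects portrange.{name}: {lo}-{hi}")
```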