Date: Tue, 19 Jun 2012 13:31:51 +0200
From: Nejc Škoberne <nejc@skoberne.net>
To: Jason Hellenthal <jhellenthal@dataix.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: Source port translation only
Message-ID: <4FE06327.1080503@skoberne.net>
In-Reply-To: <20120619112459.GA96895@DataIX.net>
References: <4FE0142A.80003@skoberne.net> <20120619112459.GA96895@DataIX.net>

Hi,

> Push net.inet.ip.portrange.reservedhigh 1023 -> 2048 ?
>
> - and -
>
> Adjust net.inet.ip.portrange.last net.inet.ip.portrange.first lower ?

this is only relevant for hosts which are sourcing the packets, not for
the gateway devices. I want to have a NAT device/gateway which would
port-restrict original packets, sourced from unchanged (normal) end hosts.

> Don't have a clue why on earth you would want to do this though.

A NAT device like this is one of the parts of the design of a new A+P IPv4
address sharing mechanism, which I am working on. Currently, we already
have a bunch of v4 address sharing mechanisms (some of them being currently
worked on in the IETF). Let me know if you're interested in more details.

Sure, port exhaustion is one of the problems of A+P v4 address sharing
mechanisms, as already noted in RFC6346.

Thanks,
Nejc