I have

  nat on iwi0 from 192.168.19.4 port 2222 to any port 3333 -> 192.168.19.4 port 5000:55000 random
1) I noticed by using a port 5000:55000 range that my random numbers were in a larger pool. I don't know if that is true or not, but it appeared that way from a few tests (and not looking at source). Do you know what the default port range is for "random"?
2) Also, I did this without "random" and it appeared to be random at first, but then started using the same port numbers. I then added "random". From looking at the PF FAQ, it seems to say it "might be ... replaced with randomly chosen, unused port", but the man page doesn't. Do you know if it defaults to "random"?
3) When using "random", it is mostly random, but when I do multiple requests to the same destination (within a short period of time), it uses the same new source port. I can easily repeat this and see it with both tcpdump and pfctl -s state, which shows MULTIPLE:MULTIPLE (instead of MULTIPLE:SINGLE).

I am trying to find a setting that will disable that, so it will use a new random port each time. It is acting like the "sticky-address" option is used. pfctl -s timeouts shows that src.track is 0s (default).

Any suggestions on ignoring that state so each connection with identical original source/destination IP/port will be randomized?
(By the way, this is not on FreeBSD. But I think this list should be a good help anyway. I am using PF 3.7 on NetBSD.)
Thanks
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
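The post above asks what "random" and the port range actually control in a nat rule. The fragment below is an added example, not code from the original post or from the PF project, and it assumes the OpenBSD-derived pf.conf(5) semantics that PF 3.7 on NetBSD shares: without a port modifier PF picks the translated source port itself from 50001:65535 (PF_NAT_PROXY_PORT_LOW/HIGH in pfvar.h), "random" is a pool option that chooses an address from the translation pool, and "static-port" switches port translation off entirely. The interface and 192.168.19.4 come from the post; 192.168.19.5 is a placeholder second pool address.

```pf
# Added example pf.conf fragment (not from the post or the PF project).
# Assumes OpenBSD-style pf.conf(5) syntax as found in PF 3.7.
# Only the first matching nat rule is applied, so load one variant at a time.

ext_if = "iwi0"
host   = "192.168.19.4"

# Variant A: no port modifier. PF still translates the source port; the
# translated port is drawn at random from the built-in pool 50001:65535
# (assumption: PF_NAT_PROXY_PORT_LOW/HIGH). No "random" keyword is needed.
nat on $ext_if from $host port 2222 to any port 3333 -> $host

# Variant B: explicit range. The translated port is drawn from 5000:55000
# instead of the built-in pool; this is the larger pool the post noticed.
nat on $ext_if from $host port 2222 to any port 3333 -> $host port 5000:55000

# Variant C: "random" is a pool option. It selects an ADDRESS at random from
# the translation pool on each new state. With a single address in the pool
# it changes nothing; it never controls port selection. 192.168.19.5 is a
# placeholder address for illustration.
nat on $ext_if from $host port 2222 to any port 3333 -> { 192.168.19.4, 192.168.19.5 } port 5000:55000 random

# Variant D: static-port is the opposite of what the post wants. The original
# source port (2222) is kept and no port translation happens at all.
nat on $ext_if from $host port 2222 to any port 3333 -> $host static-port
```

After loading a variant with pfctl -f, "pfctl -s nat" shows the rule as parsed and "pfctl -vs state" shows each state with its age and remaining expiry. Translation is decided once, when a state is created; any later packet that matches an existing state entry, including one that is still counting down its timeout after the exchange finished, reuses that entry's translated port rather than getting a new one. MULTIPLE:MULTIPLE is simply pfctl's display for a non-TCP state that has seen traffic in both directions, so seeing it again for a repeated request indicates the same state being matched, not a fresh one.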