Fuzzy Fox wrote:
>
> The masq code is hard-wired to use ports in the range 61000-65096. Once
> you run out of them, the masq code can't re-use them without screwing up
> existing connections. You could expand the port range yourself, but it
> is not recommended. You can probably fix this more easily by finding
> the problem protocol and working around it.
Is there a reason that it's set to 4096 ports? I've been looking at
replacing a firewall with a nice IP-chains setup, but this number of
ports might not be acceptable, since we're masquerading about 600
simultaneous clients, and many of these are going to be heavy users.
I can see some of these connections staying open for long periods of
time. As it is, in 1 day, if ports never time out, we use up about 32K
ports on our current firewall (it's broken, so it doesn't release
ports until reboot, that's why it's going away). Anyway, back to the
4096 limitation, anybody who's hacking on this piece of code that can
tell me why that was picked? Enterprises are going to need a heck of
a lot more than that. As long as I'm on the topic, how does IP-MASQ
handle multiple "outside" or internet-side addresses? Thanks,
Greg
Future Guru
_______________________________________________
Masq maillist - [EMAIL PROTECTED]