Clifford Hammerschmidt <[EMAIL PROTECTED]> wrote:
>
> >It sounds like your ISP is filtering traffic which has a source port in
> >the masq port range (61000-65535).
>
> Wouldn't that possible screw up a lot of things? (Other than MASQ)
No.
> I imagine MASQ must do something to prevent "regular" user sockets
> from trying to use 61000: while it's in effect, but if you're not
> using MASQ wouldn't this cause sporadic connection failures?
As I understand it, the masq range of 61000-65535 was chosen
specifically because it is so rarely used. You might ask the reverse
question: Wouldn't masq screw things up on a regular network because it
makes the high numbered ports unusable? The answer is no, because these
ports are hardly ever used.
> Is there an option in the MASQ setup to use a different port range?
You will find the following sequence in your kernel source file,
/usr/src/linux/include/net/ip_masq.h:
/*
* Linux ports don't normally get allocated above 32K.
* I used an extra 4K port-space
*/
#define PORT_MASQ_BEGIN 61000
#define PORT_MASQ_END (PORT_MASQ_BEGIN+4096)
You could adjust these numbers to anything you like. Be warned, though,
that the lower you place them, the more problems you will have with
connections clashing with the masq port range.
You might want to call your ISP and confirm that they filter this port
range. If they do filter it, ask them why. If it is specifically for
the purpose of preventing you from doing masquerade, then modifying the
above source could cause you to violate your terms of service with your
ISP. I'd simply complain to them that they should stop filtering you,
and threaten to go with another ISP. Of course, if there are no other
ISP's, well, do what you have to do. Modify the above source and see
what breaks. ;)
--
[EMAIL PROTECTED] (Fuzzy Fox) || "Nothing takes the taste out of peanut
sometimes known as David DeSimone || butter quite like unrequited love."
http://www.dallas.net/~fox/ || -- Charlie Brown
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
