On Mon, Jul 21, 2008 at 4:10 PM, Beat Siegenthaler <[EMAIL PROTECTED]> wrote:
> Chris Buechler wrote:
>
>> No, pf has randomized source ports on all NATed TCP and UDP traffic for 8
>> years. I was surprised to find out that's the exception rather than the
>> norm. Cisco, Checkpoint, amongst numerous others apparently do not randomize
>> source ports on NATed traffic.
>>
>
> I am not enthusiastic about this:
>
> Same Server behind pfSense and dd-wrt does differ slightly:
> The server runs patched [EMAIL PROTECTED]
>

And it does recursive queries, does not rely on upstream servers? Are you
running with static port enabled? That's the only way your source ports
aren't going to be randomized, assuming the server is NATed and not just
firewalled. Static port disables the source port randomization. This without
question works as described.
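The question in the reply (is the NATed server's traffic actually leaving with randomized source ports, or is static port in effect?) can be settled by looking at the WAN side rather than at the configuration. The script below is an added example, not part of this thread and not pfSense or pf code: it parses `tcpdump -n`-style lines captured on the outside interface, keeps the source port of every query to UDP/53, and scores the ports on three signals (how many are distinct, how wide the range is, and how often consecutive queries use consecutive ports). The line layout, the addresses 203.0.113.5 and 198.51.100.1, the thresholds, and all port samples are constructed for the example.

```python
"""Score the source ports of outbound DNS queries seen on a NAT gateway's WAN side.

Added example; not from the mailing-list thread or from pf/pfSense.
All capture lines and port samples below are constructed.
"""
import random
import re

# tcpdump -n style line: "HH:MM:SS.ffffff IP <src>.<sport> > <dst>.<dport>: ..."
# (assumed layout; adjust the pattern if your capture tool prints differently)
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def outbound_dns_source_ports(lines, dns_port=53):
    """Return the source ports of every query to dns_port, in capture order."""
    ports = []
    for line in lines:
        m = LINE_RE.search(line)
        if m and int(m.group("dport")) == dns_port:
            ports.append(int(m.group("sport")))
    return ports


def analyze_source_ports(ports):
    """Decide whether a port sequence looks randomized.

    distinct_ratio: fraction of observations that use a port not seen before
    span:           max port - min port (a fixed or narrow pool scores low)
    sequential:     fraction of adjacent pairs that step by exactly +1
    The thresholds are constructed for this example, not a published standard.
    """
    n = len(ports)
    if n < 2:
        raise ValueError("need at least two observations")
    distinct_ratio = len(set(ports)) / n
    span = max(ports) - min(ports)
    sequential = sum(1 for a, b in zip(ports, ports[1:]) if b == a + 1) / (n - 1)
    randomized = distinct_ratio >= 0.9 and span >= 10000 and sequential <= 0.1
    return {
        "observations": n,
        "distinct_ratio": distinct_ratio,
        "span": span,
        "sequential": sequential,
        "randomized": randomized,
    }


def constructed_capture(ports):
    """Build tcpdump-like lines for the given source ports (constructed data)."""
    return [
        f"12:00:{i % 60:02d}.000000 IP 203.0.113.5.{p} > 198.51.100.1.53: "
        f"{i}+ A? example.com. (29)"
        for i, p in enumerate(ports)
    ]


# Three constructed gateways, 200 queries each:
_rng = random.Random(7)
RANDOMIZED = [_rng.randrange(1024, 65536) for _ in range(200)]  # pf default NAT
STATIC_PORT = [53] * 200          # "static port": server's own port 53 kept
SEQUENTIAL = list(range(1024, 1224))  # a NAT that hands out ports in order


def report(lines):
    """Parse a capture and score it; returns the analysis dict."""
    return analyze_source_ports(outbound_dns_source_ports(lines))


if __name__ == "__main__":
    for name, sample in (("randomized", RANDOMIZED),
                         ("static-port", STATIC_PORT),
                         ("sequential", SEQUENTIAL)):
        print(name, report(constructed_capture(sample)))
```

Run it against a real capture by replacing `constructed_capture(...)` with the lines of `tcpdump -n -i <wan> udp dst port 53`; a few hundred queries are enough. A low distinct ratio with a span of zero is the static-port signature Chris describes; a high distinct ratio with a narrow span or a high sequential score points at an allocator that is unique but predictable, which the thread notes is common on gateways that do not randomize. Note that this only measures what leaves the NAT; a resolver that is merely firewalled, not NATed, shows its own port behaviour.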
