On Mon, Jul 21, 2008 at 3:39 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 21, 2008 at 4:10 PM, Beat Siegenthaler
> <[EMAIL PROTECTED]> wrote:
>> Chris Buechler wrote:
>>
>>> No, pf has randomized source ports on all NATed TCP and UDP traffic for 8
>>> years. I was surprised to find out that's the exception rather than the
>>> norm. Cisco, Checkpoint, amongst numerous others apparently do not randomize
>>> source ports on NATed traffic.
>>>
>>
>> I am not enthusiastic about this:
>>
>> Same Server behind pfSense and dd-wrt does differ slightly:
>> The server runs patched [EMAIL PROTECTED]
>>
>
> And it does recursive queries, does not rely on upstream servers? Are
> you running with static port enabled? That's the only way your source
> ports aren't going to be randomized, assuming the server is NATed and
> not just firewalled. Static port disables the source port
> randomization. This without question works as described.

Unless the delay between queries given the same source port on the
querying machine is smaller than the UDP state timeout.  Nothing we
can do to solve this, it's an issue with the process doing the
querying.

--Bill
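To make the point in Bill's reply concrete, here is an added example (written for this page, not pf or pfSense code) that models a pf-style NAT state table: translated source ports are randomized per state, "static port" disables that, and a query that reuses the same 4-tuple while the UDP state is still alive is matched to the existing state and therefore leaves the firewall with the same translated port. The 60-second UDP timeout, the 50001-65535 translation range, the IP addresses and the `NatTable`/`simulate` names are assumptions made for the model, and ports of expired states are kept reserved so the results are deterministic.

```python
import random

# Assumed UDP state lifetime for this toy model (pf's real timeouts are tunable).
UDP_STATE_TIMEOUT = 60.0


class NatTable:
    """Toy model of a pf-style NAT state table (added example, not pf code).

    A state is keyed on the full UDP 4-tuple. A new state gets a randomized
    translated source port unless static_port is set, in which case the
    original source port is kept, as pfSense's "static port" option does.
    """

    def __init__(self, static_port=False, timeout=UDP_STATE_TIMEOUT, rng=None):
        self.static_port = static_port
        self.timeout = timeout
        self.rng = rng or random.Random()
        self.states = {}      # (src_ip, src_port, dst_ip, dst_port) -> (nat_port, expiry)
        self.in_use = set()   # translated ports handed out (never freed in this model)

    def _pick_port(self, src_port):
        if self.static_port:
            return src_port
        while True:
            port = self.rng.randint(50001, 65535)   # assumed translation range
            if port not in self.in_use:
                return port

    def translate(self, src_ip, src_port, dst_ip, dst_port, now):
        """Return the source port seen on the outside for a packet sent at time `now`."""
        key = (src_ip, src_port, dst_ip, dst_port)
        state = self.states.get(key)
        if state is not None and state[1] > now:
            # Live state: the packet matches it, the timeout is refreshed and
            # the already-chosen translated port is reused. No new randomness.
            self.states[key] = (state[0], now + self.timeout)
            return state[0]
        # No state, or the old one timed out: create a fresh state.
        port = self._pick_port(src_port)
        self.in_use.add(port)
        self.states[key] = (port, now + self.timeout)
        return port


def simulate(n, interval, resolver_port=None, static_port=False, seed=0):
    """Send n UDP queries from one resolver to one upstream server, `interval`
    seconds apart, and return the source ports visible outside the NAT.

    resolver_port=None models a patched resolver that picks a fresh port per
    query; a fixed value models one that reuses a single socket/port.
    """
    rng = random.Random(seed)
    nat = NatTable(static_port=static_port, rng=random.Random(seed + 1))
    # Distinct ports for the "patched resolver" case so each query is a new state.
    fresh_ports = rng.sample(range(1024, 65536), n)
    seen = []
    for i in range(n):
        sport = resolver_port if resolver_port is not None else fresh_ports[i]
        # Constructed addresses: resolver 192.168.1.10, upstream 203.0.113.53.
        seen.append(nat.translate("192.168.1.10", sport, "203.0.113.53", 53, now=i * interval))
    return seen


if __name__ == "__main__":
    # Fixed resolver port, queries every second: one state, one outside port.
    print(sorted(set(simulate(10, 1.0, resolver_port=5353))))
    # Same resolver, queries spaced past the UDP timeout: a new port each time.
    print(len(set(simulate(10, 120.0, resolver_port=5353))))
    # Static port: the resolver's port is always what the world sees.
    print(set(simulate(10, 120.0, resolver_port=5353, static_port=True)))
    # Patched resolver choosing its own ports: randomized regardless of the NAT.
    print(len(set(simulate(10, 1.0))))
```

Running it shows the practical consequence: an unpatched resolver that keeps one socket open and fires queries faster than the state timeout gets exactly one outside port for as long as the state is refreshed, even behind a NAT that randomizes, so the fix has to be in the querying process, not the firewall.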
