On Tue, 24 Sep 2019, Andrew Cagney wrote:

Subject: [Swan-dev] has iptables SNAT started assigning random ports?

see 
https://testing.libreswan.org/v3.28-839-g49ccf4dde-master/ikev2-32-nat-rw-rekey/OUTPUT/east.console.verbose.txt
nic# iptables -t nat -A POSTROUTING -s 192.1.3.0/24 -p udp --sport 4500 -j SNAT --to-source 192.1.2.254:3500-3700
I'm guessing that, in the past, the first port - 3500 - was assigned
but now a random port - in the above 3633 - is being assigned

PS: I need to tweak a sanitizer so that 3500 isn't sanitized but
that's not the problem here.
PPS: I wish we used 3-digit port numbers in these tests, usermode is
dead and we're running as root

commit ec4eabf7c5a0030d684bbb52abf9cf5d12bc9380
Author: Paul Wouters <[email protected]>
Date:   Mon Jul 8 23:07:16 2019 -0400

    testing: sanitizers: only sanitize 5 digit ephemeral source ports.

    We have too many of the same rules to sanitize this :/

So if you make it start at 32768, they should get sanitized as ephemeral
ports.

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
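
The effect discussed in this thread, as an added example that is not part of the original messages and not libreswan's own sanitizer script: a hypothetical sanitizer that masks only 5-digit source ports leaves a randomly chosen port from 3500-3700 visible, so console output differs between runs, while a range starting at 32768 is always masked. The function names, the console line format, the peer address 192.1.2.23 and the ports 3512, 32801 and 32950 are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: hypothetical sanitizer, not libreswan's testing scripts.

# Mask only 5-digit ports that follow an IPv4 address; 3- and 4-digit
# ports (3500, 4500, ...) pass through unchanged.
sanitize_ports() {
    sed -E 's/(([0-9]{1,3}\.){3}[0-9]{1,3}):[0-9]{5}([^0-9]|$)/\1:EPHEM\3/g'
}

# Constructed console line for a NATed peer; $1 is the source port SNAT picked.
console_line() {
    printf 'udp 192.1.2.254:%s -> 192.1.2.23:4500\n' "$1"
}

# Succeed when two runs that got different SNAT ports produce identical
# text after sanitizing, which is what a reference-output comparison needs.
runs_match() {
    a=$(console_line "$1" | sanitize_ports)
    b=$(console_line "$2" | sanitize_ports)
    [ "$a" = "$b" ]
}

# --to-source 192.1.2.254:3500-3700 with random selection: 4-digit ports
# are not masked, so two runs disagree.
if runs_match 3633 3512; then
    echo "3500-3700: stable"
else
    echo "3500-3700: differs between runs"
fi

# A range starting at 32768: whatever port is picked gets masked.
if runs_match 32801 32950; then
    echo "32768+: stable"
else
    echo "32768+: differs between runs"
fi
```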
