* Martin Brecher wrote on Wed, May 09, 2001 at 01:29 +0200:
> Well, I guess it's better to use another port range for local connections on a firewall box because having them in the range of 60000 up to 65000 might interfere with those firewall rules that control the masq connections.
I agree, this would remove the possibility for a packet filter to distinguish between masqueraded and local connections.
> Or are there any reasons for not using a range like 55000-60000 for local ports? It might just make defining filter rules easy, doesn't it?
I had the idea to grab out the values from /proc, but of course this was a silly idea, since the firewall may be configured differently from other non-masqueraded hosts. But in a very simple environment: a single firewall-router which masquerades anything (i.e. on dialup lines) this would work.

oki,

Steffen

-- 
This letter was generated by machine and therefore bears neither signature nor seal.