On Wednesday 09 May 2001 02:23, Kurt Seifried wrote:
Well, I guess it's better to use another port range for local connections on a firewall box because having them in the range of 60000 up to 65000 might interfere with those firewall rules that control the masq connections.
No, they don't interfere.
IMHO a packet filter like ipchains can only decide what to do with a packet by looking at this very packet. So if you get a packet without the SYN flag set from somewhere to, say, port 61500, how can ipchains know if it's a response to a masqueraded request or a response to a request from a local app using this port?

Andreas Baetz
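The question above, modelled as an added example (not code from the thread, and not ipchains itself): a toy first-match filter that consults only one packet's header fields returns the same verdict for a masqueraded reply, a reply to a local application and an unsolicited packet, while a connection-table lookup tells them apart. The addresses, the single rule and the `Packet`/`Rule` types are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool

@dataclass(frozen=True)
class Rule:
    lo: int           # destination port range, inclusive
    hi: int
    allow_syn: bool   # may packets with SYN set match this rule?
    verdict: str

def stateless_verdict(rules, pkt, default="DENY"):
    """First matching rule wins; only fields of this one packet are consulted."""
    for r in rules:
        if r.lo <= pkt.dport <= r.hi and (r.allow_syn or not pkt.syn):
            return r.verdict
    return default

def classify_with_state(masq_table, local_sockets, pkt):
    """What a connection table adds: which side actually opened this flow."""
    flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    if flow in masq_table:
        return "masqueraded"
    if flow in local_sockets:
        return "local"
    return "unsolicited"

FIREWALL_IP = "192.0.2.1"  # constructed address (documentation range)
# One rule in the spirit of the thread: accept non-SYN packets to ports 60000-65000.
RULES = [Rule(60000, 65000, allow_syn=False, verdict="ACCEPT")]

# Constructed packets arriving at the firewall, all without SYN.
MASQ_REPLY = Packet("198.51.100.10", 80, FIREWALL_IP, 61500, syn=False)
LOCAL_REPLY = Packet("198.51.100.20", 80, FIREWALL_IP, 61501, syn=False)
UNSOLICITED = Packet("203.0.113.5", 80, FIREWALL_IP, 61502, syn=False)

# Constructed state: one masqueraded flow and one flow opened by a local app.
MASQ_TABLE = {(FIREWALL_IP, 61500, "198.51.100.10", 80)}
LOCAL_SOCKETS = {(FIREWALL_IP, 61501, "198.51.100.20", 80)}

def compare():
    """Pair the stateless verdict with the state-based classification."""
    return [(stateless_verdict(RULES, p), classify_with_state(MASQ_TABLE, LOCAL_SOCKETS, p))
            for p in (MASQ_REPLY, LOCAL_REPLY, UNSOLICITED)]
```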