On 25.07.2008, at 01:48, Chris Buechler wrote:
> I believe ipfilter will randomize source ports by default on NATed
> traffic just like pf does, but I'm not sure of that.
It doesn't, yet, so running a DNS server behind m0n0wall while using
PAT (not just 1:1 NAT) will undo the DNS server's query port
randomization. ipfilter 4.1.30 apparently does source port
randomization (from the change log: "2020447 IPFilter's NAT can undo
name server random port selection") - I'll wait for it to appear in
FreeBSD's CVS repository, and if it doesn't happen within a couple of
days, I'll go through the trouble of importing 4.1.30 myself.
But this is an entirely different beast than Dnsmasq's own
randomization (which works fine in 1.3b13) - only people who run their
own recursive DNS server behind m0n0wall are affected.
- Manuel
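As an added illustration of the point Manuel makes above (this is example code written for this page, not m0n0wall, ipfilter or Dnsmasq code), the small Python model below shows why a resolver behind PAT loses its query-port randomization. The resolver picks a random source port per query; a NAT that hands out translated ports sequentially (an assumed simplification of an allocator that does no randomization) throws that randomness away, so an off-path attacker watching the outside sees a counter. A NAT that picks a random free outside port keeps the property. The 1024-65535 port range and the sequential allocator are assumptions for the model, not a description of any particular ipfilter version.

```python
"""Model: how a port-translating NAT (PAT) can undo a DNS resolver's
query source-port randomization, and how a randomizing NAT preserves it.

Added example for illustration; not m0n0wall, ipfilter or Dnsmasq code.
The sequential allocator is an assumed simplification of a NAT that
hands out translated ports in order; real implementations differ.
"""
from __future__ import annotations

import secrets

# Assumed ephemeral port range for both the resolver and the NAT.
EPHEMERAL_LO, EPHEMERAL_HI = 1024, 65535
PORT_SPAN = EPHEMERAL_HI - EPHEMERAL_LO + 1


def resolver_query_ports(n: int) -> list[int]:
    """Source ports a resolver with working port randomization would use."""
    return [EPHEMERAL_LO + secrets.randbelow(PORT_SPAN) for _ in range(n)]


class SequentialPAT:
    """PAT that rewrites each new outbound flow to the next free port.

    The inside (randomized) port is discarded; the outside world sees a
    counter, so the next query port is trivially guessable.
    """

    def __init__(self, start: int = EPHEMERAL_LO) -> None:
        self.next_port = start

    def translate(self, inside_port: int) -> int:
        outside = self.next_port
        self.next_port = EPHEMERAL_LO if outside >= EPHEMERAL_HI else outside + 1
        return outside


class RandomizingPAT:
    """PAT that picks a random, not-yet-used outside port for each flow."""

    def __init__(self) -> None:
        self.in_use: set[int] = set()

    def translate(self, inside_port: int) -> int:
        while True:
            outside = EPHEMERAL_LO + secrets.randbelow(PORT_SPAN)
            if outside not in self.in_use:
                self.in_use.add(outside)
                return outside


def outside_view(nat, inside_ports: list[int]) -> list[int]:
    """Source ports an off-path attacker sees leaving the NAT."""
    return [nat.translate(p) for p in inside_ports]


def predictability(ports: list[int]) -> float:
    """Fraction of queries whose port is exactly the previous port + 1.

    1.0 means the next port is trivially guessable; a value near 0 means
    consecutive ports carry no obvious relation.
    """
    if len(ports) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(ports, ports[1:]) if b == a + 1)
    return hits / (len(ports) - 1)


if __name__ == "__main__":
    inside = resolver_query_ports(2000)  # constructed sample of queries
    print("resolver itself      :", predictability(inside))
    print("behind sequential PAT:", predictability(outside_view(SequentialPAT(), inside)))
    print("behind randomizing PAT:", predictability(outside_view(RandomizingPAT(), inside)))
```

The same resolver output feeds both NAT models; only the translation policy differs, which is exactly the distinction in the message above: Dnsmasq's own randomization is fine, but if the NAT in front of it does not randomize, the attacker sees the NAT's port choice, not the resolver's.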