 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: WII behind m0n0wall
 Date:  Thu, 11 Dec 2008 21:22:42 -0500
Chris Buechler wrote:
> On Thu, Dec 11, 2008 at 8:30 PM, Christopher M. Iarocci
> <iarocci at eastendsc dot com> wrote:
>> Actually, neither one of those really meets my needs.  I need 1.3B15 and I'm
>> going to keep it either way.  I just wish someone could explain why a 1:1
>> works and how I can work around the problem without suggesting I drop
>> 1.3B15.
> Source port rewriting maybe?  1.3b14 added "imported ipnat source port
> randomization patch from FreeBSD CVS", and rewriting source ports will
> break a lot of games. Maybe 1:1 doesn't rewrite source ports. Trying
> 1.3b13 would confirm or deny that.
> I also see:
> "added new option to System: Advanced page to control the port range
> used for random source port allocation during outbound NAT (default is
> 1024 - 64535; portrange sysctls have been adjusted accordingly)"
> But don't see a mention of any ability to turn it off and I don't have
> a b14 or newer box handy right now.
> -Chris

Do you think I can safely downgrade?  If so, I'll try going back to
1.3B13.  Could you tell me why the patch?  Is it considered to raise
security if you randomize ports?