Chris Buechler wrote:
> On Thu, Dec 11, 2008 at 8:30 PM, Christopher M. Iarocci
> <iarocci at eastendsc dot com> wrote:
>> Actually, neither one of those really meets my needs. I need 1.3B15 and I'm
>> going to keep it either way. I just wish someone could explain why a 1:1
>> works and how I can work around the problem without suggesting I drop
> Source port rewriting maybe? 1.3b14 added "imported ipnat source port
> randomization patch from FreeBSD CVS", and rewriting source ports will
> break a lot of games. Maybe 1:1 doesn't rewrite source ports. Trying
> 1.3b13 would confirm or deny that.
> I also see:
> "added new option to System: Advanced page to control the port range
> used for random source port allocation during outbound NAT (default is
> 1024 - 64535; portrange sysctls have been adjusted accordingly)"
> But don't see a mention of any ability to turn it off and I don't have
> a b14 or newer box handy right now.
Do you think I can safely downgrade? If so, I'll try going back to
1.3B13. Could you tell me why the patch? Is it considered to raise
security if you randomize ports?