Nadav Har'El wrote:
> On Wed, Jul 17, 2002, Iftach Hyams wrote about "RE: Disabling (UDP/IP) ports for
> system use :":
>>>> # cat /proc/sys/net/ipv4/ip_local_port_range
>>>> 32768 61000
>>>
>> For me it is 1024 4099
>
> Yes, this is usually the default, meaning that ephemeral ports (ports
> chosen arbitrarily when the user does not specify a specific port number)
> will only be from 1024 to 4099.
>
> As far as I know, if you're doing NAT on your machine you should keep the
> maximum value in ip_local_port_range below 32768 - as ports above 32768
> are used when doing NAT.
Looking at the kernel source code (net/ipv4/netfilter/ip_nat_{core,proto_tcp}.c), it seems that TCP NAT is hard-coded to use ports 1024...65535 cyclically, and uses ip_conntrack to avoid collisions with other connections.

Eran