----- Original Message -----
From: "Matthew Seaman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 28, 2003 5:31 PM
Subject: Re: How to stop BIND from using high ports?

> On Tue, Jan 28, 2003 at 04:11:51PM +0100, Mark wrote:
>
> > --[ with src port = 53 ]--------
> > 15:33:03.472128 210.49.20.142.domain > 194.109.160.70.domain: [udp sum ok] 6636 A? asarian-host.net. [|domain] (ttl 64, id 13043, len 62)
> > 15:33:03.802488 194.109.160.70.34336 > 210.49.20.142.domain: 6636*- q: A?
> >
> > Here it seems my BIND is indeed replying with a source port of 34336.
> > Very peculiar. I have no idea how this is possible. :(
>
> Is your nameserver perhaps behind a NAT gateway?  Does this option
> from the natd(8) man page seem relevant to you?
>
>   -same_ports | -m
>    Try to keep the same port number when altering outgoing
>    packets. With this option, protocols such as RPC will have a
>    better chance of working.  If it is not possible to maintain
>    the port number, it will be silently changed as per normal.


Matthew, you're a genius!! :) Although I do not have the NAT daemon running,
I suddenly realized my hardware router does NAT too.

You were so right! Even though the hardware NAT has no redirection defined
for outgoing ports, this is, in fact, exactly what happened, just as you
predicted. :) I disabled it altogether (I just used it for incoming
port-redirection to several machines on my LAN, but I now solved that
otherwise), and lo and behold, all problems are immediately gone and
everything resolves again. :))

I'm impressed! Matthew, you're the man! :)

- Mark
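
Added example, not part of the original thread: a Python check that pairs each DNS query in tcpdump text output with its reply and flags replies whose source port differs from the port the query was sent to, which is the symptom the NAT rewrite produced in the trace quoted above. The first two sample lines are the ones from the thread; the second pair and the names `endpoint` and `find_rewritten_replies` are constructed for illustration.

```python
import re

SERVICE_PORTS = {"domain": 53}  # tcpdump prints service names unless run with -n
LINE = re.compile(r"^\S+ (?P<src>\S+) > (?P<dst>\S+): (?:\[[^\]]*\] )?(?P<id>\d+)")

# First two lines: the trace quoted in the thread. Last two: constructed clean pair.
SAMPLE = """\
15:33:03.472128 210.49.20.142.domain > 194.109.160.70.domain: [udp sum ok] 6636 A? asarian-host.net. [|domain] (ttl 64, id 13043, len 62)
15:33:03.802488 194.109.160.70.34336 > 210.49.20.142.domain: 6636*- q: A?
15:33:04.100000 210.49.20.142.1044 > 198.51.100.7.domain: 7001 A? example.org. (29)
15:33:04.150000 198.51.100.7.domain > 210.49.20.142.1044: 7001 1/0/0 A 192.0.2.20 (45)
"""

def endpoint(text):
    """Split tcpdump's 'a.b.c.d.port' into (ip, numeric port)."""
    host, _, port = text.rpartition(".")
    return host, SERVICE_PORTS.get(port) or int(port)

def find_rewritten_replies(capture):
    """Return (dns_id, server_ip, expected_port, seen_port) for mismatched replies."""
    pending = {}   # (client_ip, server_ip, dns_id) -> (client_port, server_port)
    findings = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        try:
            src, dst = endpoint(m["src"]), endpoint(m["dst"])
        except ValueError:      # unknown service name: cannot compare ports
            continue
        dns_id = int(m["id"])
        query = pending.pop((dst[0], src[0], dns_id), None)
        if query is None:       # first packet with this ID: treat it as the query
            pending[(src[0], dst[0], dns_id)] = (src[1], dst[1])
            continue
        client_port, server_port = query
        # A resolver only accepts a reply that mirrors the query's address/port pair.
        if src[1] != server_port or dst[1] != client_port:
            findings.append((dns_id, src[0], server_port, src[1]))
    return findings

if __name__ == "__main__":
    for dns_id, server, expected, seen in find_rewritten_replies(SAMPLE):
        print(f"id {dns_id}: reply from {server} has source port {seen}, expected {expected}")
```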

