Alexandre Soares <[EMAIL PROTECTED]> wrote:
>
> That's when the company IT people decided to change the firewall rules
> and don't accept requests with source ports as high as 60000 ( read IP
> masquerading... ;-) ).

Did they have a *good reason* to do that?  Or are they just trying to be
difficult?  It seems like a direct attack on IP Masq, so you might want
to find out why they don't want that traffic on their network.

> So now, I'm faced with the problem... people can't read email anymore...

You should have those people complaining to IT, as well, so that it does
not appear that only one person was impacted by the change.  :)

> Can anyone please explain to me how to configure the Linux box so the
> requests are to be made from the same port as the destination?

That is not possible with masq as it is currently designed.

Also, what would happen if two clients behind your masq box decide to
use the same source port?  Only one of them can use it.  Will they
interfere with each other?  How would the conflict be resolved?  There
is no protocol to handle this...


If you are in desperate need of a solution that will work on your side,
you can change the masq port range by re-compiling your kernel.

In the source file, /usr/src/linux/include/net/ip_masq.h, you will find
this definition:

    #define PORT_MASQ_BEGIN 61000

You can change it to some other number, such as 41000, and masquerade
will be performed in that range.  I have never done this, but it is
theoretically possible.  If your box is truly used ONLY for handling
masq requests, it should not impact the box's operation.

Good luck.  Personally I would demand a satisfactory explanation from
IT, rather than bend over backwards and possibly break things at my own
site.

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/      ||                       -- Charlie Brown
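
The following is an added illustration, not part of the original message and not kernel code: a small C model of why masquerading maps connections into its own port range instead of reusing the client's source port. The range size of 4096, the table layout and all function names are assumptions made for this sketch; PORT_MASQ_BEGIN is set to the 41000 suggested in the reply.

```c
#include <stdint.h>
#include <string.h>

#define PORT_MASQ_BEGIN 41000  /* value suggested in the reply (stock: 61000) */
#define MASQ_PORTS      4096   /* assumed range size for this sketch */

struct masq_entry {            /* one slot per external port in the range */
    uint32_t client_ip;        /* internal host */
    uint16_t client_port;      /* source port the internal host picked */
    int      in_use;
};
static struct masq_entry table[MASQ_PORTS];

void masq_reset(void) { memset(table, 0, sizeof table); }

/* Range-based mapping: return the external port for (ip, port), creating
 * the mapping on first use. Returns 0 when the range is exhausted. */
uint16_t masq_alloc(uint32_t ip, uint16_t port)
{
    int free_slot = -1;
    for (int i = 0; i < MASQ_PORTS; i++) {
        if (table[i].in_use && table[i].client_ip == ip &&
            table[i].client_port == port)
            return (uint16_t)(PORT_MASQ_BEGIN + i);   /* existing mapping */
        if (!table[i].in_use && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return 0;
    table[free_slot] = (struct masq_entry){ ip, port, 1 };
    return (uint16_t)(PORT_MASQ_BEGIN + free_slot);
}

/* Reply arriving on ext_port: recover the one client it belongs to. */
int masq_lookup(uint16_t ext_port, uint32_t *ip, uint16_t *port)
{
    if (ext_port < PORT_MASQ_BEGIN || ext_port >= PORT_MASQ_BEGIN + MASQ_PORTS)
        return 0;                       /* outside the masq range */
    const struct masq_entry *e = &table[ext_port - PORT_MASQ_BEGIN];
    if (!e->in_use)
        return 0;
    *ip = e->client_ip;
    *port = e->client_port;
    return 1;
}

/* Port-preserving scheme (external port == client port): returns 1 when a
 * different client already uses this port, so replies would be ambiguous. */
int preserve_conflicts(uint32_t ip, uint16_t port)
{
    for (int i = 0; i < MASQ_PORTS; i++)
        if (table[i].in_use && table[i].client_port == port &&
            table[i].client_ip != ip)
            return 1;
    return 0;
}
```

Two clients that both pick source port 1025 receive distinct external ports (41000 and 41001 here), so a reply can be routed back to exactly one of them; with the client's port kept unchanged, the same pair collides.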

