Stuart, where can I set the port range of NAT?
Greetings

On Thu, Aug 17, 2017 at 5:04 AM, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2017-08-16, Juan Guillermo Narvaez <guille...@nrvz.net> wrote:
> > *match out on bge0 inet from 172.21.0.0/19 to any nat-to 200.91.35.55*
>
> natting a whole /19 to a single address, especially with the default port range
> 50001-65535, isn't going to work well.
>
> I'd suggest at least using a dedicated IP (not used for services or locally
> sourced connections) with "port 1024:65535", if not multiple IPs.
>
> As already mentioned, check your state limit. Also check sysctl net.inet.ip.ifq,
> if there are drops you may need to increase the queue size.

--
J. Guillermo Narvaez
@_aran0id
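
An added example, not part of either message: a pf.conf fragment showing where the port range goes on the rule quoted above, next to the original form. The addresses in 203.0.113.0/24 and the state limit value are placeholders chosen for illustration, not values from the thread.

```pf
# pf.conf fragment (added example; 203.0.113.x addresses and the state
# limit value below are placeholders, not values from the thread)

# State table limit. Compare the current entry count in "pfctl -si"
# against the hard limit in "pfctl -sm" before picking a number.
set limit states 200000

# Before: the whole /19 shares one address that also carries other
# traffic, with the default NAT source-port range (50001-65535).
# match out on bge0 inet from 172.21.0.0/19 to any nat-to 200.91.35.55

# After: a dedicated NAT address, with the port range given directly
# after the translation address.
match out on bge0 inet from 172.21.0.0/19 to any \
    nat-to 203.0.113.10 port 1024:65535

# Alternative: spread translations across several dedicated addresses.
# match out on bge0 inet from 172.21.0.0/19 to any \
#     nat-to { 203.0.113.10, 203.0.113.11 } port 1024:65535 round-robin
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. The queue counters mentioned in the reply are read with `sysctl net.inet.ip.ifq`.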