Subject: Re: what is the NAT ports range for mapping one network?
To: None <netbsd-users@netbsd.org>
From: Jonathan A. Kollasch <jakllsch@kollasch.net>
List: netbsd-users
Date: 10/04/2005 13:14:14
On Tuesday 04 October 2005 05:33 am, Igor Sobrado wrote:
> Briefly: what is the ports range we must use for mapping one network
> to an address using NAT?

I use these two ipnat.conf lines on my NAT-router and have not noticed any 
problems:

map pppoe0 172.27.72.0/24 -> 0/32 portmap tcp/udp 16384:32767 mssclamp 1440
map pppoe0 10.143.27.0/24 -> 0/32 portmap tcp/udp 32768:49152 mssclamp 1440

I avoid ports just under 65535 as these are the source ports used by outgoing 
connections. In general, a NAT-router won't be doing much more than packet 
mangling, so using registered ports is not a problem.

	Jonathan Kollasch

P.S.
The real solution here is to migrate to IPv6, where the evils of NAT are 
totally unnecessary.
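
Added example, not part of the original message: a small checker that parses the "map ... portmap lo:hi" rules quoted above and reports port ranges that collide with each other or with the router's own outgoing source-port range. The 49152-65535 host range and the function names are assumptions made for this example; substitute the range your router actually uses.

```python
import re

# Assumption: the router's own outgoing connections take source ports from
# this range. Set it to the host's configured anonymous port range.
HOST_EPHEMERAL = (49152, 65535)

# Matches explicit ranges only; "portmap ... auto" rules are skipped.
MAP_RE = re.compile(
    r"^\s*map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+->\s+\S+\s+"
    r"portmap\s+\S+\s+(?P<lo>\d+):(?P<hi>\d+)"
)

def parse_portmaps(text):
    """Return (line_no, interface, source_net, lo, hi) per portmap rule."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        m = MAP_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        lo, hi = int(m["lo"]), int(m["hi"])
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"line {n}: bad port range {lo}:{hi}")
        rules.append((n, m["ifname"], m["src"], lo, hi))
    return rules

def overlap(a, b):
    """Inclusive intersection of two (lo, hi) ranges, or None."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def audit(text, host_range=HOST_EPHEMERAL):
    """Return (line_no, conflict_with, (lo, hi)) for every collision."""
    rules = parse_portmaps(text)
    findings = []
    for i, (n, ifname, _src, lo, hi) in enumerate(rules):
        ov = overlap((lo, hi), host_range)
        if ov:
            findings.append((n, "host-range", ov))
        # Two networks mapped onto the same interface share one address,
        # so their translated source ports must not collide.
        for n2, ifname2, _src2, lo2, hi2 in rules[i + 1:]:
            ov = overlap((lo, hi), (lo2, hi2))
            if ifname2 == ifname and ov:
                findings.append((n, f"rule-{n2}", ov))
    return findings

# The two rules from the message above.
SAMPLE = """\
map pppoe0 172.27.72.0/24 -> 0/32 portmap tcp/udp 16384:32767 mssclamp 1440
map pppoe0 10.143.27.0/24 -> 0/32 portmap tcp/udp 32768:49152 mssclamp 1440
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Under the assumed host range, the two rules do not overlap each other, and the only finding is that the second rule's upper bound, port 49152, is also the first port of the host range.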