Maintained by: NLnet Labs

[Unbound-users] no local port randomization ?

shmick at riseup.net
Fri Jul 19 19:29:35 CEST 2013


hello paul,

Paul Wouters:
> On Wed, 10 Jul 2013, shmick at riseup.net wrote:
> 
>> I'm not achieving any local port randomization whatsoever
> 
> What are your settings for outgoing-range: and outgoing-port-permit: ?

outgoing-range: 8192
outgoing-port-permit: 1024-65535
> 
>> in my config i have 0x20 enabled and 3 outgoing interfaces. Must i have
>> 4 outgoing interfaces to enable local port randomization ?
> 
> While having multiple IPs/interfaces adds to the randomization of source
> address, it should be independent of the port randomization.
> 
>> essentially the range of local ports is tiny - probably no more than 100
>> according to 2 different tests performed
> 
> Are you behind a NAT that's causing your ports to get NATed
> sequentially?

my unbound:

Version 1.4.20
linked libs: libevent 2.0.21-stable (it uses epoll), ldns 1.6.16,
OpenSSL 1.0.1 14 Mar 2012
linked modules: validator iterator
configured for x86_64-unknown-linux-gnu on Fri Jul 19 07:05:39 EST 2013
with options: '--with-ldns' '--with-libevent'

connected to LAN cable

not sure how any middleware would be mangling this - any suggestions ?

> 
> Paul
>
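
An added example, not part of the original thread or of Unbound: one way to check the two symptoms discussed above (a tiny port range, or ports that a NAT hands out sequentially) from the source ports of captured outgoing queries. It assumes the queries were captured as `tcpdump -n` text for IPv4; the thresholds, the function names and the sample data are constructed for illustration.

```python
import math
import re
from collections import Counter

# Source port of a query sent to port 53, as printed by `tcpdump -n` (IPv4).
QUERY_RE = re.compile(r"IP \d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.53:")

def source_ports(lines):
    """Return source ports, in capture order, from tcpdump text lines."""
    return [int(m.group(1)) for m in map(QUERY_RE.search, lines) if m]

def port_stats(ports):
    """Summarise how widely and how predictably the ports are spread."""
    counts, n = Counter(ports), len(ports)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    return {
        "unique": len(counts),
        "span": max(ports) - min(ports) + 1,
        # Shannon entropy of the observed ports; at most log2(n) for n samples.
        "entropy_bits": -sum(c / n * math.log2(c / n) for c in counts.values()),
        # Share of queries whose port is the previous port plus 1 or 2.
        "sequential": sum(1 for s in steps if 1 <= s <= 2) / max(len(steps), 1),
    }

def diagnose(ports, permit=(1024, 65535)):
    """Classify a sample against the permitted range (thresholds are assumptions)."""
    stats = port_stats(ports)
    width = permit[1] - permit[0] + 1
    if stats["sequential"] > 0.5:
        return "sequential"   # consistent with a NAT rewriting ports in order
    if stats["span"] < 0.05 * width:
        return "narrow"       # ports confined to a small window
    return "spread"

def sample_lines(ports):
    """Build constructed tcpdump-style lines (documentation addresses)."""
    return [f"19:29:35.000000 IP 192.0.2.10.{p} > 198.51.100.53.53: 1+ A? example.com. (29)"
            for p in ports]

# Constructed samples, not captures from the poster's machine.
SEQUENTIAL = list(range(40000, 40100))
NARROW = [32768 + (i * 37) % 100 for i in range(200)]
SPREAD = [1024 + (i * 7919) % 64512 for i in range(200)]

if __name__ == "__main__":
    for name, ports in (("sequential", SEQUENTIAL), ("narrow", NARROW), ("spread", SPREAD)):
        seen = source_ports(sample_lines(ports))
        print(name, diagnose(seen), port_stats(seen))
```

Comparing a capture taken on the resolver host with one taken outside any NAT device shows whether the ports leave Unbound already confined or are rewritten on the way out.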