Subject Re: [firebird-support] Any news regarding SuperClassic and events
Author Milan Babuskov
Dimitry Sibiryakov wrote:
>> You cannot NAT/forward random ports
>> through a firewall when you don't know which they are.
>
> That's right, but this random port is chosen from some range. IIRC,
> it is 1024-65535.

That's a whole lotta ports to give to Firebird, don't you think? If you
have a firewall with hundreds of machines behind it, it is likely you
might need more than 1024 ports for other stuff, so some of 1024+ ports
will be used. Firebird server has no clue which ports in that range are
already 'taken' on the firewall, since it is not on the same machine.

When I wrote that there is room for improvement, I meant exactly this:
let the user specify the port "range" in firebird.conf. So, SuperServer
would have

RemoteAuxPort=x

while Classic would have:

RemoteAuxPort=x-y

for example:

RemoteAuxPort=20000-30000

IIRC, I raised this issue on the development list about 2 years ago, but
there was no further discussion since now.

> Are you sure that command
> iptables -t nat -A PREROUTING -p tcp -d 15.45.23.67 --dport 1024:65535 -j DNAT --to-destination 192.168.1.1

Yes, it works. In fact, I'm doing exactly that in some installations
where all ports 1024+ are not used on the firewall.

--
Milan Babuskov
http://www.flamerobin.org
http://www.guacosoft.com
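
An added example, not part of the original message and not Firebird project code: a shell function that reads RemoteAuxPort from firebird.conf-style text and prints a DNAT rule covering only those ports, so the firewall forwards a known range instead of everything from 1024 up. Assumptions: the function name `fb_dnat_rules` is hypothetical, and the `x-y` form is the range syntax proposed in the message, not an existing Firebird setting.

```shell
#!/bin/sh
# Print (never execute) a DNAT rule limited to the Firebird event port(s).
# Usage: fb_dnat_rules PUBLIC_IP INTERNAL_IP < firebird.conf
# Assumption: "RemoteAuxPort=x-y" is the range form proposed in the message;
# "RemoteAuxPort=x" is the single-port form.
fb_dnat_rules() {
    public_ip=$1
    internal_ip=$2

    # Last uncommented RemoteAuxPort line wins; drop all whitespace.
    value=$(sed -n 's/^[[:space:]]*RemoteAuxPort[[:space:]]*=//p' \
            | tail -n 1 | tr -d '[:space:]')

    # Accept only "N" or "N-M" without leading zeros; 0 is rejected too,
    # since it names no fixed port that could be forwarded.
    case $value in
        '' | *[!0-9-]* | -* | *- | *-*-* | 0* | *-0*)
            echo "RemoteAuxPort missing or malformed: '$value'" >&2
            return 1 ;;
    esac

    low=${value%%-*}
    high=${value##*-}
    if [ "${#low}" -gt 5 ] || [ "${#high}" -gt 5 ] ||
       [ "$low" -gt "$high" ] || [ "$high" -gt 65535 ]; then
        echo "RemoteAuxPort out of range: '$value'" >&2
        return 1
    fi

    # iptables writes a --dport range as low:high.
    if [ "$low" -eq "$high" ]; then spec=$low; else spec=$low:$high; fi

    echo "# forwards $((high - low + 1)) TCP port(s) to $internal_ip"
    echo "iptables -t nat -A PREROUTING -p tcp -d $public_ip --dport $spec -j DNAT --to-destination $internal_ip"
}

# Constructed sample input, not a real configuration file.
fb_dnat_rules 15.45.23.67 192.168.1.1 <<'EOF'
#RemoteAuxPort = 0
RemoteAuxPort = 20000-30000
EOF
```

The printed rule can be reviewed before it is loaded on the firewall; the same range then has to be kept free of other forwards on that public address.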