Subject Re: [firebird-support] Any news regarding SuperClassic and events
Author Milan Babuskov
Dimitry Sibiryakov wrote:
>> You cannot NAT/forward random ports
>> through a firewall when you don't know which they are.
> That's right, but this random port is chosen from some range. IIRC,
> it is 1024-65535.

That's a whole lotta ports to give to Firebird, don't you think? If you
have a firewall with hundreds of machines behind it, it is likely you
might need more than 1024 ports for other stuff, so some of the 1024+ ports
will be used. The Firebird server has no clue which ports in that range are
already 'taken' on the firewall, since it is not on the same machine.

When I wrote that there is room for improvement, I meant exactly this:
let the user specify the port "range" in firebird.conf. So, SuperServer
would have


while Classic would have:


for example:


IIRC, I raised this issue on the development list about 2 years ago, but
there was no further discussion until now.

> Are you sure that command
> iptables -t nat -A PREROUTING -p tcp -d --dport
> 1024-65535 -j DNAT --to-destination

Yes, it works. In fact, I'm doing exactly that in some installations
where all ports 1024+ are not used on the firewall.

Milan Babuskov