Re: give multiple ports a/o ips to iptables [fixed: problems with firehol...]
On 11/09/2004 Mike Mestnik wrote:
> /etc/service? This file lists the service names, I bet firehol will
> accept both names and numbers.
you bet wrong...
firehol accepts only internal configured services to be opened/closed.
> > sorry, i didn't get what you want to explain. you're talking about
> > ip_conntrack_ftp sources, or about firehol sources?
>
> Kernel sources ip_conntrack_ftp. You also need to specify the
> ports param to ip_nat_ftp, if you're doing NAT.
I guess I don't do NAT, as this is not a gateway but rather a standalone
server.
> [... ip_conntrack_ftp sources ...]
> That's it, that's all. This will need to be expanded to include searches
> for all four of these in the SERVER direction, with the DIR_REPLY and
> DIR_ORIGINAL swapped. After that the code to support, do something useful
> with, these new searches will need to be added.
I still didn't get the point. You claim that the module doesn't
understand the -ports option?
Or do you mean that ip_conntrack_ftp has problems with handling more
than one IP address, as I have 2?
> I really don't think this to be the case, as services are only open ports.
> Are you talking about client VS server, meaning that service-related ==
> client and port-related == server?
Sorry for the confusion; in firehol services have some configuration, and
thus you can only open/close configured services. Simply using
port ranges doesn't work.
bye
jonas
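Added example, not from the original thread or from the firehol project: a small POSIX sh script showing what "configured service" means in firehol terms. firehol only opens/closes services it knows about, so a port range has to be turned into a service first by defining server_NAME_ports and client_NAME_ports in firehol.conf (which is itself a shell script); the port spec uses the iptables colon form, tcp/2000:3000, and the script rejects the dash form. It also emits the modprobe line that hands extra FTP control ports to ip_conntrack_ftp (and, for a NAT box, ip_nat_ftp takes the same ports parameter, as Mike noted above). The interface eth0, the two addresses 192.0.2.10 and 192.0.2.11, the service name bigrange, the range 2000:3000 and the extra FTP port 2121 are assumptions chosen for illustration, and the "version 5" line assumes a firehol 1.x install.

```shell
#!/bin/sh
# Added example (not from the original thread): turn a port range into a
# firehol service on a standalone server with two addresses, and load the
# FTP conntrack helper with additional control ports. All names, addresses
# and port numbers below are assumptions for illustration.

# Accept only firehol/iptables style port specs: proto/port or proto/low:high.
# Returns 1 for anything else (e.g. the dash form tcp/2000-3000).
valid_portspec() {
    spec=$1
    case $spec in
        tcp/*|udp/*) ;;
        *) return 1 ;;
    esac
    ports=${spec#*/}
    low=${ports%%:*}
    high=${ports#*:}
    for p in "$low" "$high"; do
        case $p in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$low" -le "$high" ]
}

# Emit the two variables that make NAME a service firehol can open/close.
# Usage: firehol_service_def NAME PORTSPEC...
firehol_service_def() {
    name=$1; shift
    for s in "$@"; do
        valid_portspec "$s" || return 1
    done
    printf 'server_%s_ports="%s"\nclient_%s_ports="default"\n' "$name" "$*" "$name"
}

# Emit the modprobe line that adds extra FTP control ports to the helper.
# Usage: conntrack_ftp_cmd PORT...
conntrack_ftp_cmd() {
    list=$(printf '%s,' "$@")
    list=${list%,}
    printf 'modprobe ip_conntrack_ftp ports=%s\n' "$list"
}

# Write a complete firehol.conf for a standalone (non-NAT) server that
# answers on two addresses. Assumed interface, addresses and ports.
# Usage: write_firehol_conf /path/to/firehol.conf
write_firehol_conf() {
    out=$1
    {
        echo 'version 5'                      # assumes firehol 1.x
        firehol_service_def bigrange tcp/2000:3000 udp/2000:3000 || return 1
        echo 'interface eth0 internet dst "192.0.2.10 192.0.2.11"'
        echo '    policy drop'
        echo '    protection strong'
        echo '    server ssh accept'
        echo '    server ftp accept'
        echo '    server bigrange accept'     # the custom service defined above
        echo '    client all accept'
    } > "$out"
}

# Stand-alone run: print the helper command and a sample config to stdout.
if [ "${1:-}" = "--demo" ]; then
    conntrack_ftp_cmd 21 2121
    tmp=$(mktemp) && write_firehol_conf "$tmp" && cat "$tmp" && rm -f "$tmp"
fi
```

Run with --demo to see the generated firehol.conf; on the real box the modprobe line goes into the module loading step before firehol starts, since firehol itself does not pass parameters to ip_conntrack_ftp.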