
Re: firewall/http problem with 2.4 kernel



On Mon, Sep 17, 2001 at 12:37:51PM +0100, Edgar Denny wrote:
> 
> I've looked at the firewall logs, the packets from my Alpha get through 
> the firewall, but the response from the external http server is denied.
> 
> A typical line from the log file is:
> 24032:Sep 11 15:40:20 firewall kernel: Packet log: input - eth1 PROTO=6 209.116.70.80:80 155.198.83.63:34734 L=60 S=0x00 I=44910 F=0x4000 T=42 (#114)
> 
> The reason they are denied is because a firewall rule denies any incoming
> http connections above port number 5999. Here the port number is 34734.
Why do you do that?  That sounds like a bad idea.  Just block 6000-6010
if you're worried about X, better yet use the new funky established
thingy in iptables.

Your alpha, as well as any other host, when it makes a TCP connection
needs 4 magic numbers to identify the connection.
 source IP address - that's the alpha's IP
 destination IP address - DNS lookups the hostname to an IP (a RedHat
    host huh :)
 destination TCP port, port 80 is default for http

Then last of all is the source port.  Most hosts choose any old number
above 1024 that is not already used. They have a counter so they use
1025, then 1026,.....
You can say that your firewall rules will break the 5975th connection your 
alpha makes and you'll have to wait for about 60,000 connections until it
works again.

> Though I don't understand http clearly, presumably this is because it is
> the port my machine opened to make the http connection in the first place.
Correct, the webserver swaps the source and destination ports and IP for
the reply.

> Anyone have any idea why my Alpha is choosing such a high port number, and 
> how can I fix it?
Fix the firewall rules.

  - Craig
-- 
Craig Small VK2XLZ  GnuPG:1C1B D893 1418 2AF4 45EE  95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.eye-net.com.au/        <csmall@eye-net.com.au>
MIEEE <csmall@ieee.org>                 Debian developer <csmall@debian.org>
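As an added illustration (not part of the thread, nor of any ipchains/iptables code), the following Python sketch contrasts the two rules Craig discusses: the port-number rule that drops the quoted reply, and a simplified "established" check that allows an inbound packet only when it mirrors a connection the inside host opened. The log regex, function names and the OUTBOUND table are assumptions built from the quoted log line.

```python
import re
from typing import Set, Tuple

# Constructed log line, in the ipchains "Packet log:" format quoted in the thread.
LOG_LINE = ("Sep 11 15:40:20 firewall kernel: Packet log: input - eth1 PROTO=6 "
            "209.116.70.80:80 155.198.83.63:34734 L=60 S=0x00 I=44910 F=0x4000 T=42 (#114)")

# Assumed field layout: PROTO=<n> <src ip>:<src port> <dst ip>:<dst port>
LOG_RE = re.compile(
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")

# The four "magic numbers" that identify a TCP connection.
FourTuple = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port)


def parse_packet_log(line: str) -> FourTuple:
    """Extract (src, sport, dst, dport) from one Packet log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not a Packet log line")
    return (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def naive_rule_allows(pkt: FourTuple) -> bool:
    """The rule from the thread: drop inbound TCP whose destination port is above 5999.
    Any reply to an ephemeral source port above 5999 is dropped, however legitimate."""
    return pkt[3] <= 5999


def stateful_rule_allows(pkt: FourTuple, outbound: Set[FourTuple]) -> bool:
    """Simplified 'established' match: the server swaps source and destination IP and
    port for its reply, so an inbound packet is accepted only if the swapped tuple is
    a connection the inside host opened. (Real connection tracking also follows TCP
    state and timeouts; this toy version matches the 4-tuple only.)"""
    src, sport, dst, dport = pkt
    return (dst, dport, src, sport) in outbound


# Constructed state: the Alpha opened one connection to the web server on port 80.
OUTBOUND: Set[FourTuple] = {("155.198.83.63", 34734, "209.116.70.80", 80)}

if __name__ == "__main__":
    reply = parse_packet_log(LOG_LINE)
    print("naive rule allows reply:", naive_rule_allows(reply))       # False
    print("stateful rule allows reply:", stateful_rule_allows(reply, OUTBOUND))  # True
```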