Re: high ports filtered?

To: Igor Mozetic <igor.mozetic@uni-mb.si>
Cc: debian-firewall@lists.debian.org
Subject: Re: high ports filtered?
From: Nate Campi <nate@campin.net>
Date: Thu, 8 Nov 2001 07:02:14 -0800
Message-id: <[🔎] 20011108070214.H19454@campin.net>
In-reply-to: <[🔎] 15338.39555.877375.796824@ravan.camtp.uni-mb.si>; from igor.mozetic@uni-mb.si on Thu, Nov 08, 2001 at 03:45:23PM +0100
References: <[🔎] 15338.39555.877375.796824@ravan.camtp.uni-mb.si>

On Thu, Nov 08, 2001 at 03:45:23PM +0100, Igor Mozetic wrote:
> We have closed tcp/udp ports 32750-32800 which are apparently
> used by nfs/rpc via portmapper.
> Now some client-side udp services don't work on
> some machines, eg, dns and asp queries (to outside), since they
> originate on these high numbered ports.
> How can one influence the client-side ports used,
> or should one narrow the range of closed udp nfs/rpc ports?

One option is to use stateful filtering so that connections that
originate from those source ports are allowed. If your firewall is
debian you can do this by using a 2.4 kernel and iptables.
-- 
Nate Campi        http://www.campin.net        GnuPG key: 0xC17AEF79   
Key fingerprint = BF12 722F 8799 E614 33CC  FAB7 5A90 C464 C17A EF79

"Don't let your sense of morals prevent you from doing what is right."
                                              -- Asimov, "Foundation"

Reply to:

Follow-Ups:
- Re: high ports filtered?
  - From: Igor Mozetic <igor.mozetic@uni-mb.si>

References:
- high ports filtered?
  - From: Igor Mozetic <igor.mozetic@uni-mb.si>

Prev by Date: high ports filtered?
Next by Date: Re: high ports filtered?
Previous by thread: high ports filtered?
Next by thread: Re: high ports filtered?
Index(es):
- Date
- Thread