Re: high ports filtered?

On Thu, Nov 08, 2001 at 03:45:23PM +0100, Igor Mozetic wrote:
> We have closed tcp/udp ports 32750-32800 which are apparently
> used by nfs/rpc via portmapper.
> Now some client-side udp services don't work on
> some machines, eg, dns and asp queries (to outside), since they
> originate on these high numbered ports.
> How can one influence the client-side ports used,
> or should one narrow the range of closed udp nfs/rpc ports?

One option is to use stateful filtering so that connections that
originate from those source ports are allowed. If your firewall is
Debian you can do this by using a 2.4 kernel and iptables.

Nate Campi        http://www.campin.net        GnuPG key: 0xC17AEF79
Key fingerprint = BF12 722F 8799 E614 33CC  FAB7 5A90 C464 C17A EF79

"Don't let your sense of morals prevent you from doing what is right."
                                              -- Asimov, "Foundation"
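
The stateful filtering suggested in the reply above, as an added example that is not part of the original post or the poster's own configuration. It assumes the firewall's outside interface is `eth0` (the `EXT_IF` variable) and uses a hypothetical function name, `stateful_block`; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: stateful handling of the closed NFS/RPC port range with
# iptables on a 2.4 kernel (connection tracking via the "state" match).
# Assumptions: EXT_IF is the outside interface; rules go on INPUT (the
# firewall's own clients) and FORWARD (clients behind it).
# Dry run by default; run as root with IPT=iptables to apply the rules.
IPT=${IPT:-"echo iptables"}
EXT_IF=${EXT_IF:-eth0}

stateful_block() {
    lo=$1; hi=$2
    # Refuse anything that is not a valid ascending port range.
    for p in "$lo" "$hi"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ] || return 1

    for chain in INPUT FORWARD; do
        # 1. Replies to traffic started from the inside (for example a DNS
        #    answer returning to source port 32760) match a tracked
        #    connection and are accepted before the range rule is reached.
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
        # 2. Only unsolicited (NEW) packets arriving from outside for the
        #    range are dropped, so client-side use of these ports still works.
        for proto in tcp udp; do
            $IPT -A "$chain" -i "$EXT_IF" -p "$proto" \
                --dport "$lo:$hi" -m state --state NEW -j DROP
        done
    done
}

# Range taken from the question; override with two arguments.
stateful_block "${1:-32750}" "${2:-32800}"
```

The order matters: if the DROP rules were appended before the ESTABLISHED,RELATED rule, replies to high-numbered client source ports would be dropped just as they were with the stateless filter.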
