
Re: give multiple ports a/o ips to iptables [fixed: problems with firehol...]



--- Jonas Meurer <jonas@freesources.org> wrote:

> On 11/09/2004 Mike Mestnik wrote:
> > /etc/service?  This file lists the service names, I bet firehol will
> > accept both names and numbers.
> 
> you bet wrong...
> firehol accepts only internal configured services to be opened/closed.
> 
> > > sorry, i didn't get what you want to explain. you're talking about
> > > ip_conntrack_ftp sources, or about firehol sources?
> >
> > Kernel sources ip_conntrack_ftp.  You should also need to specify the
> > ports param to ip_nat_ftp, if you're doing NAT.
> 
> i guess i don't do NAT, as this is no gateway but rather a standalone
> server.
> 
> > [... ip_conntrack_ftp sources ...]
> > That's it, that's all.  This will need to be expanded to include
> > searches for all four of these in the SERVER direction, with the
> > DIR_REPLY and DIR_ORIGINAL swapped.  After that the code to support,
> > do something useful with, these new searches will need to be added.
> 
> i still didn't get the point. you claim, that the module doesn't
> understand the -ports option?
> or do you mean that ip_conntrack_ftp has problems with handling more
> than one IP-addresses, as i have 2?
> 
Ohh wait, I could be wrong here.  I guess it's only for NATing that you
need to care about direction???  The problem as I see it is that the PORT
cmd is only expected to come from the client end.  It ONLY does.  However
when you're mangling you care whether it's inbound (DNAT) or outbound (SNAT).
Would for an open port you care for the same reasons?

Yes, I think you need to have code for each case.  You need to have code
for firewalling a client and then some other code for the server.  AFAICT
only clients are handled in the current code, not servers.

> > I really don't think this to be the case, as services are only open
> > ports.  Are you talking about client VS server, meaning that
> > service-related == client and port-related == server?
> 
> sorry for confusion, in firehol services have some configuration, and
> thus you can only open/close configured services. simply using
> portranges doesn't work.
> 
Looks like a wishlist bug to me.  I'd "dpkg --purge" it if I wasn't
able to open ports with it.

> bye 
>  jonas
> 
> 
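For readers following the ip_conntrack_ftp part of this exchange, here is an added example (not from either poster, and not firehol's own configuration) of what a standalone FTP server's iptables rules look like when the kernel FTP helper tracks the data connections. It assumes a 2.4/2.6-era kernel with the `ip_conntrack_ftp` module and the `-m state` match; the ports 21 and 2121 and the interface eth0 are constructed sample values. `IPT` defaults to printing the commands so the script runs without root; set `IPT=iptables` to apply them.

```shell
#!/bin/sh
# Added example: firewall rules for a standalone FTP server that relies on
# the ip_conntrack_ftp helper instead of opening a port range for data
# connections. Sample values (ports, interface) are constructed.
IPT="${IPT:-echo iptables}"

# Build the module option from a list of control ports. The helper only
# watches port 21 unless told otherwise, which is what the "ports" param
# in the thread is about. (On a NAT gateway ip_nat_ftp needs the same list.)
conntrack_ftp_opts() {
    opts=""
    for p in "$@"; do
        opts="${opts:+$opts,}$p"
    done
    printf 'ports=%s' "$opts"
}

# Emit the module load and the rules for one interface and N control ports.
ftp_server_rules() {
    iface=$1
    shift
    echo "modprobe ip_conntrack_ftp $(conntrack_ftp_opts "$@")"

    # Data connections are marked RELATED by the helper: passive mode is an
    # inbound connection to the port announced in the PASV reply, active
    # mode is an outbound connection from port 20 to the port in the
    # client's PORT command. One RELATED rule per direction covers both,
    # so no port-range hole is needed.
    $IPT -A INPUT  -i "$iface" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -o "$iface" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the control channel(s) accept NEW connections.
    for p in "$@"; do
        $IPT -A INPUT -i "$iface" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
}

# Usage: dry-run output for a server listening on two control ports.
ftp_server_rules eth0 21 2121
```

The point worth noticing is that the helper, not the ruleset, decides which data ports are RELATED, so the control ports must be listed in the module parameter; an FTP daemon on 2121 without `ports=21,2121` would see its data connections dropped even though 2121 itself is open.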



		
_______________________________
Do you Yahoo!?
Shop for Back-to-School deals on Yahoo! Shopping.
http://shopping.yahoo.com/backtoschool



Reply to: