Re: rshell and iptables

To: debian-isp@lists.debian.org
Subject: Re: rshell and iptables
From: Michael Wood <mwood@its.uct.ac.za>
Date: Mon, 15 Oct 2001 10:49:39 +0200
Message-id: <[🔎] 20011015104939.A11083@marmite.its.uct.ac.za>
Mail-followup-to: Michael Wood <mwood@its.uct.ac.za>, debian-isp@lists.debian.org
In-reply-to: <[🔎] 20011012160148.A12825@gregh.ilan.cogent.net>
References: <[🔎] 20011012160148.A12825@gregh.ilan.cogent.net>

On Fri, Oct 12, 2001 at 04:01:48PM -0700, Greg Hunt wrote:
> Hi, I'm trying to get rshell working on a server that's locked
> down pretty tight with iptables. I had to allow access to port
> 514 (shell) from the host that will be connecting to it, but I
> also had to allow access to port 1023 in order to get it to
> work. I'm thinking this port is chosen based on some kind of
> negotiation (like ftp maybe?). I'm worried that if more than
> one rsh process is going on at once I will need to open up
> some other ports (probably 1022,1021, etc?). Anyone know for
> sure what the deal with rsh is? I looked in the man page and
> couldn't find anything.

As someone else said, why not use SSH?

The r tools use a low numbered source port as a crude sort of
authentication in addition to the .rhosts stuff.  I seem to
remember something about the rsh server connecting back to the
client for stderr, though.  That might be the port 1023 you're
talking about.  I don't know if it needs just 1023 or if other
ports would be needed by more than one rsh connection.

-- 
Michael Wood
mwood@its.uct.ac.za

Reply to:

References:
- rshell and iptables
  - From: Greg Hunt <greg@supplyedge.com>

Prev by Date: Webalizer SOS
Next by Date: Re: Webalizer SOS
Previous by thread: Re: rshell and iptables
Next by thread: Bug#115468: O: ezmanage -- Manage multiple ezmlm mailing lists
Index(es):
- Date
- Thread