Hi all!!! How can I stop winmix peer to peer connections? I try in my gateway machine to write this : "iptables -A FORWARD -p tcp --syn -dport 6699 -j DROP", but it doesn't work. Winmix seem to connect anyway with a remote host at the port 6699. Anyone may help me? Thanks!!! Paolo
Hello, lab.civitanova@unimc.it wrote:
How can I stop winmix peer to peer connections? I try in my gateway machine to write this : "iptables -A FORWARD -p tcp --syn -dport 6699 -j DROP", but it doesn't work. Winmix seem to connect anyway with a remote host at the port 6699.
is there a rule above in that connecting to port 6699 is allowed? If so, try iptables -I FORWARD 1 -p tcp ... HTH GTi
On Jun 30, lab.civitanova@unimc.it
How can I stop winmix peer to peer connections? I try in my gateway machine to write this : "iptables -A FORWARD -p tcp --syn -dport 6699 -j DROP", but it doesn't work. Winmix seem to connect anyway with a remote host at the port 6699.
First: Better stop all traffic except for "known good" ports. There are so many was to do file sharing, that you can hardly prevent them by firewalling. Second: You probably have another rule that allows all traffic and the rule above is appended to your ruleset. Better use -I (insert) and not -A (append). Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
Scrive Markus Gaugusch
On Jun 30, lab.civitanova@unimc.it
wrote: How can I stop winmix peer to peer connections? I try in my gateway machine to write this : "iptables -A FORWARD -p tcp --syn -dport 6699 -j DROP", but it doesn't work. Winmix seem to connect anyway with a remote host at the port 6699.
First: Better stop all traffic except for "known good" ports. There are so many was to do file sharing, that you can hardly prevent them by firewalling.
Second: You probably have another rule that allows all traffic and the rule above is appended to your ruleset. Better use -I (insert) and not -A (append).
Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Thanks everybody but nothing to do!!! Winmix connection seem to be alive anyway!!!! I try other ways Bye Bye
On Wednesday 30 June 2004 10.57, lab.civitanova@unimc.it wrote:
Thanks everybody but nothing to do!!! Winmix connection seem to be alive anyway!!!!
"alive"? Yes, since you used --syn, it won't touch existing connections. But are you seeing new connections started on port 6699 even with that rule first in the chain?
participants (4)
-
Anders Johansson
-
lab.civitanova@unimc.it
-
list@nolog.org
-
Markus Gaugusch