RE: Why the firewall on Suse8.0 blocks internal packets on externel port?
Thank you, but that isn't, what I want. I want to talk on Port 6667 (IRC-Server) of my own Server. You will say, I can probably talk to the internal Adress, but I can't do that with a specially-written program. This program talks to the external Adress, but the Firewall blocks that. Why can I disable this security-option. Best regards, Jost Schöler ____________________________________________________________________________ ______________ SPT=1645 DPT=6667 That means, that from you internal net a service is called, that is hosted on port 6667 of an external server. Thats no standard service as http/pop ect and so it will blocked cauze it MAY be insecure. BTW http/pop maybe insecure too. Port 6667 seems to be IRC related. A good security policy is to allow notthing except services you really need. ____________________________________________________________________________ ___
* charly123 wrote on Mon, May 13, 2002 at 10:13 +0200:
I want to talk on Port 6667 (IRC-Server) of my own Server. You will say, I can probably talk to the internal Adress, but I can't do that with a specially-written program.
I think in SuSEfirewall* you can add a hook with own rules. I would suggest to accept requests for port 6667 on device eth0 (or whatever your internal interface is). With chains, this would be like ipchains -I input -d 0/0 6667 -i eth0 -j ACCEPT with tables this command is slightly different, check out the man page. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (2)
-
charly123 -
Steffen Dettmer