On Fri, Mar 09, 2001 at 03:21:50PM +0100, Philipp Snizek wrote:
Client2 is asking Client1 for talk: Mar 8 22:30:32 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client2 DST=Client1 LEN=112 TOS=0x00 PREC=0x00 TTL=127 ID=64298 PROTO=UDP SPT=4240 DPT=518 LEN=92
OK. 518 seems to be the control port. You leave this one open.
Yes, that's no problem.
Client1 is sending something like this: Mar 8 22:33:17 skinner kernel: Firewall: IN=eth0 OUT=eth1 SRC=Client1 DST=Client2 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=20812 DF PROTO=TCP SPT=1702 DPT=4245 WINDOW=8192 RES=0x00 SYN URGP=0
This seems to be data. What if you do something like this: accept 1024:65535 <-> 1024:65535
Question: how low can you set the hi-ports? Would be OK if you would do: accept 1024:4999 <-> 1024:4999
What port-range does the software need for data exchange?
The software seems to use 1700:1800 and 4200:4300, but I don't really want to open all these ports. :) Well... I think before I open the ports with these great ranges, I'll deny this chat :)
I already thought about matching the TTL=123 and accepting this. The TTL seems to be 123 in all packets. Maybe this is a possibility?
Don't know. I don't think that you use ipchains or some firewall software I know.
I'm using iptables 1.2 (netfilter.kernelnotes.org). It has very nice extensions like string matching, TTL matching and connection tracking, for example. Have a look at it :)

Marco

--
Marco Ahrendt               phone : +49-341-98-474-0
adconsys AG                 fax   : +49-341-98-474-59
Karl-Liebknecht-Str. 19     email : marco.ahrendt@adconsys.de
04107 Leipzig/Germany       gnupg key at www.aktex.net/marco_work.asc
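As an added example (not from the thread or either of its authors): a small Python checker that parses netfilter LOG lines in the format quoted above and evaluates them against a port policy built from the ranges named in the thread (518/udp plus 1700:1800 and 4200:4300 in either direction), beside the TTL-only idea. The first two log lines are the thread's own; the last two are constructed.

```python
import re

# Constructed sample set in the netfilter LOG format quoted in the thread.
LOG_LINES = [
    "Mar 8 22:30:32 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client2 DST=Client1 "
    "LEN=112 TOS=0x00 PREC=0x00 TTL=127 ID=64298 PROTO=UDP SPT=4240 DPT=518 LEN=92",
    "Mar 8 22:33:17 skinner kernel: Firewall: IN=eth0 OUT=eth1 SRC=Client1 DST=Client2 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=20812 DF PROTO=TCP SPT=1702 DPT=4245 "
    "WINDOW=8192 RES=0x00 SYN URGP=0",
    # constructed: data connection in the reverse direction
    "Mar 8 22:35:01 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client2 DST=Client1 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=20900 DF PROTO=TCP SPT=4260 DPT=1750 SYN URGP=0",
    # constructed: unrelated connection from the same host, same TTL
    "Mar 8 22:40:44 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client2 DST=Client1 "
    "LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=21011 DF PROTO=TCP SPT=33001 DPT=22 SYN URGP=0",
]

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_log(line):
    """Return the KEY=VALUE fields after 'Firewall:' as a dict. Bare flags such
    as DF and SYN carry no '=' and are skipped; the duplicated LEN (IP length
    first, then UDP length) keeps the first value."""
    _, _, rest = line.partition("Firewall:")
    fields = {}
    for key, val in FIELD_RE.findall(rest):
        fields.setdefault(key, val)
    return fields

# Port policy from the ranges named in the thread: ntalk control on 518/udp
# plus the two data ranges, accepted in either direction.
PORT_RULES = [
    {"proto": "UDP", "dpt": (518, 518)},
    {"proto": "TCP", "spt": (1700, 1800), "dpt": (4200, 4300)},
    {"proto": "TCP", "spt": (4200, 4300), "dpt": (1700, 1800)},
]

def rule_matches(fields, rule):
    if fields.get("PROTO") != rule["proto"]:
        return False
    return all(rule[k][0] <= int(fields[k.upper()]) <= rule[k][1]
               for k in ("spt", "dpt") if k in rule)

def decide_by_ports(line, rules=PORT_RULES):
    """ACCEPT when any port rule matches, else DROP."""
    fields = parse_log(line)
    return "ACCEPT" if any(rule_matches(fields, r) for r in rules) else "DROP"

def decide_by_ttl(line, ttl=123):
    # TTL-only rule from the thread: TTL reflects the sender's OS default and
    # the hop count, not the application, so unrelated traffic passes too.
    return "ACCEPT" if parse_log(line).get("TTL") == str(ttl) else "DROP"
```

Running both decision functions over the sample set shows the port policy admitting only the talk traffic, while the TTL match also admits the unrelated port-22 connection and rejects the control packet whose TTL is 127.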