On Fri, Mar 09, 2001 at 02:08:49PM +0100, Philipp Snizek wrote:
Hi, You could try first to open the communication to the specific chat servers without defining any ports. Having that you could collect some data about how the communication is set up and maintained. And then close what you don't need.
Philipp
I set the default policy to DROP. Therefore I have to define some ports for accepting, or anything will go through the firewall. I don't want to define every IP which could get through. Also, if I accept these IPs, any SYN packets coming from there would be accepted. That's not really fine :)

The data looks like this. Client2 is asking Client1 for talk:

Mar 8 22:30:32 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client2 DST=Client1 LEN=112 TOS=0x00 PREC=0x00 TTL=127 ID=64298 PROTO=UDP SPT=4240 DPT=518 LEN=92

This packet is ok, I can perfectly accept it because port 518 is always the same. But now it's difficult. Client1 is sending something like this:

Mar 8 22:33:17 skinner kernel: Firewall: IN=eth0 OUT=eth1 SRC=Client1 DST=Client2 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=20812 DF PROTO=TCP SPT=1702 DPT=4245 WINDOW=8192 RES=0x00 SYN URGP=0

where the SPT and DPT differ every time. I already thought about matching the TTL=123 and accepting this. The TTL seems to be 123 in all packets. Maybe this is a possibility?

Marco

-- 
Marco Ahrendt                     phone : +49-341-98-474-0
adconsys AG                       fax   : +49-341-98-474-59
Karl-Liebknecht-Str. 19           email : marco.ahrendt@adconsys.de
04107 Leipzig/Germany             gnupg key at www.aktex.net/marco_work.asc
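Philipp's suggestion was to collect data on how the talk session is set up before deciding what to open. The script below is an added example (not code from either poster or from netfilter) that does that collection offline: it parses kernel `Firewall:` log lines in the format quoted above, pairs each UDP request to port 518 with the TCP SYN the called side sends back, lists the ephemeral data ports those SYNs land on, and shows everything a rule keyed only on `TTL=123` would also admit. The sample log is constructed in the same format as the two lines in the thread; the second talk session and the unrelated SYN to port 22 are assumed for illustration.

```python
import re

# Constructed sample log: the two lines from the thread, a second assumed talk
# session, and one assumed unrelated SYN that happens to carry TTL=123.
SAMPLE_LOG = """\
Mar 8 22:30:32 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client2 DST=Client1 LEN=112 TOS=0x00 PREC=0x00 TTL=127 ID=64298 PROTO=UDP SPT=4240 DPT=518 LEN=92
Mar 8 22:33:17 skinner kernel: Firewall: IN=eth0 OUT=eth1 SRC=Client1 DST=Client2 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=20812 DF PROTO=TCP SPT=1702 DPT=4245 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 8 22:41:05 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client2 DST=Client1 LEN=112 TOS=0x00 PREC=0x00 TTL=127 ID=64311 PROTO=UDP SPT=4251 DPT=518 LEN=92
Mar 8 22:41:06 skinner kernel: Firewall: IN=eth0 OUT=eth1 SRC=Client1 DST=Client2 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=20877 DF PROTO=TCP SPT=1710 DPT=4262 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 8 22:45:00 skinner kernel: Firewall: IN=eth1 OUT=eth0 SRC=Client4 DST=Client1 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=31 DF PROTO=TCP SPT=1025 DPT=22 WINDOW=8192 RES=0x00 SYN URGP=0
"""

# syslog timestamp, host, "kernel:", the --log-prefix, then the KEY=VALUE body
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<prefix>.*?): (?P<rest>.*)$"
)


def parse_line(line):
    """Turn one netfilter LOG line into a dict of KEY=VALUE fields plus a set of
    bare flags (DF, SYN, ...). Returns None for lines that are not firewall logs."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"], "flags": set()}
    for tok in m["rest"].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            # LEN= appears twice (IP total length, then UDP length); keep the first
            rec.setdefault(key, val)
        else:
            rec["flags"].add(tok)
    return rec


def parse_log(text):
    """Parse every firewall line in a block of syslog text, skipping others."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def talk_sessions(records, ctl_port="518"):
    """Pair each UDP request to the talk daemon (DPT=518) with the next TCP SYN
    the called host sends back to the caller; that SYN is the data connection
    whose destination port changes per session."""
    sessions = []
    for i, req in enumerate(records):
        if req.get("PROTO") != "UDP" or req.get("DPT") != ctl_port:
            continue
        for syn in records[i + 1:]:
            if (syn.get("PROTO") == "TCP" and "SYN" in syn["flags"]
                    and syn.get("SRC") == req["DST"] and syn.get("DST") == req["SRC"]):
                sessions.append((req, syn))
                break
    return sessions


def data_ports(sessions):
    """Distinct destination ports of the TCP data legs, sorted numerically."""
    return sorted({syn["DPT"] for _, syn in sessions}, key=int)


def ttl_only_match(records, ttl):
    """Everything a rule 'ACCEPT tcp --syn -m ttl --ttl-eq <ttl>' would admit,
    including flows that have nothing to do with talk."""
    return [r for r in records
            if r.get("PROTO") == "TCP" and "SYN" in r["flags"] and r.get("TTL") == ttl]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for req, syn in talk_sessions(recs):
        print(f"{req['ts']} {req['SRC']} -> {req['DST']}:{req['DPT']}/udp, "
              f"data leg {syn['SRC']}:{syn['SPT']} -> {syn['DST']}:{syn['DPT']}/tcp")
    print("data ports seen:", data_ports(recs and talk_sessions(recs)))
    for r in ttl_only_match(recs, "123"):
        print(f"TTL-only rule would accept {r['SRC']} -> {r['DST']}:{r['DPT']}/tcp")
```

Run it against a real `/var/log/messages` by replacing `SAMPLE_LOG` with the file contents; `parse_log` ignores lines without the `Firewall:` prefix. The `data_ports` output is the concrete list of ports a port-based ACCEPT rule would have to cover, and `ttl_only_match` is the check to run before relying on a TTL match: if any entry in its output is not a talk data leg, the rule is broader than intended.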