Hi Christian

On 2001.08.22 13:51:28 +0100 Christian Gottschalch wrote:
hi all! I've got a little problem: at the moment I'm setting up RRDTool with NRG as graphic frontend. The problem is now, the host on which I've run RRDtool is behind a firewall, so I think I've not too many options. I'll only allow answer packets that were sent from my RRDTool host; is there a reason to bring this working with IPChains? At the moment I allow all UDP packets from extern (temporarily), think that's not so good. Other reason is a UDP proxy I think, but I've only found some UDP forwarding proxies with few security.
If I understand correctly, you have one machine with NRG, and a firewall between this machine and the RRD server.

Most readers of this list would probably agree that allowing all UDP traffic from the internet is generally a *BAD* thing.

I have no experience of the RRDtools package, but I have done a bit of firewall work over the years...

ipchains could certainly be used to control connections to your RRD server - e.g. only on the "safe" UDP ports, and possibly only from certain trusted clients. (But remember the possibility of IP spoofing!)

However, I suggest that if you are on a 2.4.x series kernel, you use the newer iptables firewall - it can do "stateful filtering" so that you don't have to work too hard to produce output rules - if an incoming connection can be made, then replies can also be allowed easily.
in advance THX
Hope that helps a bit.

Maf.

--
Maf. King
Standby Exhibition Services

"It is easier to do a job right than to explain why you didn't." - Martin Van Buren
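The stateful filtering suggested in the reply above, as an added example that is not part of either message: a shell function that prints iptables commands letting only the polling host open UDP flows and letting only tracked replies back in. The addresses, the SNMP port 161 and the assumption that the firewall is a Linux box forwarding between the poller and the devices are illustrative and do not come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables commands for a Linux 2.4+
# firewall that forwards between the RRDtool/NRG host and the polled devices.
# Assumed values: poller 192.0.2.5, devices 198.51.100.x (documentation
# addresses), polling over UDP port 161.

is_ipv4() {  # accept dotted-quad only, so an argument cannot smuggle in options
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

gen_rules() {  # usage: gen_rules POLLER UDP_PORT DEVICE...
    poller=$1; port=$2
    [ $# -ge 3 ] || { echo "usage: gen_rules POLLER PORT DEVICE..." >&2; return 2; }
    shift 2
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    for addr in "$poller" "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 2; }
    done
    echo "iptables -P FORWARD DROP"
    # Stateful part: packets belonging to a flow conntrack already tracks (the replies) pass.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the poller may open new UDP flows, and only to the listed devices.
    for dev in "$@"; do
        echo "iptables -A FORWARD -p udp -s $poller -d $dev --dport $port -m state --state NEW -j ACCEPT"
    done
    # Any other UDP (unsolicited traffic from outside included) is logged, then hits the DROP policy.
    echo "iptables -A FORWARD -p udp -j LOG --log-prefix 'udp-unsolicited: '"
}
```

Review the output of `gen_rules 192.0.2.5 161 198.51.100.10 198.51.100.11` before running it as root on the firewall. On current kernels `-m conntrack --ctstate` is the equivalent of `-m state --state`.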