From: Jeffrey Laramie <JALaramie@Loudoun-Fairfax.com>
To: SBlaze <dagent.geo@yahoo.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Kazaa Ports
Date: Mon, 08 Sep 2003 18:47:18 -0400
Message-ID: <3F5D06F6.20408@Loudoun-Fairfax.com>
In-Reply-To: <20030908210228.48729.qmail@web40201.mail.yahoo.com>
Thanks for answering.
>Assuming that you are running Kazaa on an internal Windows machine, the
>POSTROUTING should handle all of the outgoing traffic of the Kazaa client...
>
hmmm . . . I revised my rule set recently using the iptables tutorial
by Oskar Andreasson as a guide, and he recommends against doing any
filtering in the nat tables.
http://iptables-tutorial.frozentux.net/chunkyhtml/traversingoftables.html#TRAVERSINGGENERAL
>What is probably not making it through is the returning connection attempts of
>the Kazaa servers? In which case... you shouldn't be using FORWARD lines at all,
>since these are supposedly destined for the local machine (as in the Linux box
>itself and not anything in your LAN).
>
If you look further down in the link I posted, there is a diagram that
shows INPUT going to the localhost and the FORWARD being used for
packets destined for other hosts. Hmmm again . . . :-)
>What I think is needed here is the
>PREROUTING of a range or specific ports. I think this will solve your problem
>for Kazaa, but it offers very little in the way of security for those ports.
>
>An example of this is when I used to run my Half-Life Dedicated Server on my
>internal Windows machine I used a PREROUTING line such as...
>
>iptables -t nat -A PREROUTING -p udp --dport 27015 -i eth0 -j DNAT --to-destination 192.168.1.25:27015
>
>While my scenario was a lot simpler than yours, it's similar I think. Your
>problem will of course be finding the range of ports. I would also say take
>note of the use of limiting it to one protocol (if you can). Better to have a
>straw open to the world than a big ol' sewer pipe!
>
Absolutely! That's what makes this an issue for me. I can't nail down
the ports Kazaa needs and the more I open up the less protection I have.
I need to find a better strategy and I'm open to suggestions.
Jeff
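The two halves the thread is circling, DNAT in nat/PREROUTING and the actual access decision in filter/FORWARD, put together as an added example (not code from either poster). It reuses the Half-Life values from the quoted rule (eth0, UDP 27015, 192.168.1.25) as hypothetical input and, by default, only prints the commands; set IPTABLES=iptables to apply them.

```sh
#!/bin/sh
# Added example, not from the thread. Forwards one port to one internal host
# and keeps the filtering where Andreasson's tutorial says it belongs: in the
# filter table's FORWARD chain, not in the nat table.
IPTABLES="${IPTABLES:-echo iptables}"   # dry run by default; IPTABLES=iptables applies

# forward_port PROTO PORT EXT_IF INT_HOST
# PORT may be a single port or an iptables range (first:last); the narrower the
# better, since every port forwarded is a port reachable from the outside.
forward_port() {
  proto=$1 port=$2 ext_if=$3 int_host=$4

  # 1. nat/PREROUTING only rewrites the destination. It makes no decision about
  #    whether the packet may pass, so it is not the place to filter.
  $IPTABLES -t nat -A PREROUTING -i "$ext_if" -p "$proto" --dport "$port" \
      -j DNAT --to-destination "$int_host:$port"

  # 2. filter/FORWARD handles packets to other hosts (INPUT is for the Linux
  #    box itself). Only this protocol, port and host may open a connection.
  $IPTABLES -A FORWARD -i "$ext_if" -p "$proto" -d "$int_host" --dport "$port" \
      -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

  # 3. Replies from the internal host for flows conntrack already knows.
  $IPTABLES -A FORWARD -o "$ext_if" -s "$int_host" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# forward_policy_drop: with a DROP default on FORWARD, only the rules above
# let anything from eth0 reach the inside; a DNAT rule alone opens nothing.
forward_policy_drop() {
  $IPTABLES -P FORWARD DROP
}

# Usage with the hypothetical values from the quoted rule:
#   forward_policy_drop
#   forward_port udp 27015 eth0 192.168.1.25
```

Replace the fixed port with a `first:last` range only when the application really needs it; the same FORWARD rule then still limits exposure to one protocol and one internal host.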