From: Patrick McHardy <kaber@trash.net>
To: Jim Webster <jwebster@ilstechnology.com>
Cc: netfilter@vger.kernel.org
Subject: Re: DCERPC - does an add-on exist for netfilter
Date: Sun, 30 Jan 2011 18:00:22 +0100
Message-ID: <4D459926.5080801@trash.net>
In-Reply-To: <AANLkTimMiM=NWeDvhPn_wKfab_sta89wxffMPcX2hMSO@mail.gmail.com>
On 30.01.2011 12:07, Jim Webster wrote:
> Hi. I am new to the list and also fairly new to iptables and
> netfilter. Linux and programming - am familiar with.
> Have been tasked to provide a way to move MSMQ (DCERPC?) traffic thru
> our firewall.
> The firewall is a CentOS iptables based box.
>
> Unfortunately, I do not yet have the customer Wireshark trace showing
> the traffic, specifically where the address (and port) is supposedly
> sent in the payload.
>
> A knowledgeable iptables/firewall person on our team has suggested we
> require a netfilter helper routine (ala the ftp connection tracking).
>
> It seems to me however that instead, some type of adaptive firewall
> technique is required to do this - opening a new NAT for the IP/port
> sent in the payload and closing it when done.
>
> If so, can this be done by a simple user app - perhaps a proxy, or
> should it be in the loadable kernel modules as the ftp connection
> tracker is?
Yes, you'll need a connection tracking helper that is able to
parse the DCERPC traffic in order to integrate this with netfilter
and NAT. I've looked into this a while ago, but due to the
complexity of the protocol it is non-trivial.
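To illustrate the expectation mechanism that helpers such as the ftp connection tracker use (parse the control channel payload, register a single-use, time-limited expectation for the advertised endpoint, accept only a matching follow-up flow as RELATED), here is a user-space model added as an example; it is not code from this thread or from the kernel, and the addresses, FTP PORT payloads and timeout are constructed.

```python
import re

# Constructed user-space model of a netfilter conntrack helper's expectation
# table. Nothing here talks to the kernel; it only shows the control flow.
PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n")


class ExpectationTable:
    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.expect = {}  # (saddr, daddr, dport) -> expiry time

    def helper(self, ctrl_src, ctrl_dst, payload, now):
        """FTP-style helper: parse an active-mode PORT command sent by the
        client and expect the server to connect back to that address:port."""
        m = PORT_RE.match(payload)
        if not m:
            return None
        h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
        if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
            return None
        addr = f"{h1}.{h2}.{h3}.{h4}"
        port = p1 * 256 + p2
        # Only expect connections to the control connection's own source;
        # an advertised third-party address is refused rather than opened.
        if addr != ctrl_src:
            return None
        key = (ctrl_dst, addr, port)
        self.expect[key] = now + self.timeout
        return key

    def classify(self, saddr, daddr, dport, now):
        """Return 'RELATED' if a new flow matches a live expectation (and
        consume it), otherwise 'NEW'. Expired expectations are purged first."""
        self.expect = {k: t for k, t in self.expect.items() if t > now}
        if self.expect.pop((saddr, daddr, dport), None) is not None:
            return "RELATED"
        return "NEW"


def demo():
    """Constructed scenario: client 10.0.0.5 talks to server 192.0.2.10."""
    tbl = ExpectationTable(timeout=30.0)
    key = tbl.helper("10.0.0.5", "192.0.2.10", "PORT 10,0,0,5,4,1\r\n", now=0.0)
    first = tbl.classify("192.0.2.10", "10.0.0.5", 1025, now=1.0)   # matches
    second = tbl.classify("192.0.2.10", "10.0.0.5", 1025, now=2.0)  # single use
    tbl.helper("10.0.0.5", "192.0.2.10", "PORT 10,0,0,5,4,2\r\n", now=10.0)
    late = tbl.classify("192.0.2.10", "10.0.0.5", 1026, now=50.0)   # expired
    bounce = tbl.helper("10.0.0.5", "192.0.2.10", "PORT 10,0,0,9,4,3\r\n", now=60.0)
    return key, first, second, late, bounce
```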