From: Andrew Beverley <andy@andybev.com>
To: Mike Wright <mike.wright@mailinator.com>
Cc: netfilter list <netfilter@vger.kernel.org>
Subject: Re: help with --helper sane
Date: Sun, 09 Dec 2012 21:18:51 +0000
Message-ID: <1355087931.26190.110.camel@andrew-desktop>
In-Reply-To: <50C4F111.8090702@mailinator.com>

On Sun, 2012-12-09 at 12:14 -0800, Mike Wright wrote:
> Hi all,
>
> I'm trying to make a usb scanner network available using "saned". The
> machines involved are both running "saned -a". It works well until I
> turn on iptables on the machine with the scanner.
>
> If I enable firewalling with port 6566 open the scanner initializes but
> never proceeds beyond that point.
>
> I tried these:
>
> -A INPUT -p tcp -m tcp --dport 6566 -m conntrack --ctstate NEW -m helper
> --helper "sane" -j ACCEPT
> -A INPUT -p udp -m udp --dport 6566 -m conntrack --ctstate NEW -m helper
> --helper "sane" -j ACCEPT

That's only accepting the packet that initiates the connection. You'll
need to allow subsequent related packets as well. Something like:

-A INPUT -p tcp -m conntrack --ctstate ESTABLISHED -j ACCEPT

I don't know the "sane" protocol, so you might need to add RELATED as
well. You'll also need to make sure that you're allowing the packets to
return out as well (OUTPUT).

Also, I consider the dport *and* helper match a bit of an overkill. I
would just use the dport match, at least until it's working.
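
Added example (not part of the original message or of any netfilter tool): a coarse shell check over iptables-save style rules that reports which conntrack states a chain accepts, so the NEW-only problem described in the reply shows up before the scanner stalls. The rulesets are constructed samples based on the rules quoted in the thread, and the function names accepted_states and audit_chain are hypothetical.

```shell
#!/bin/sh
# Constructed sample rulesets in iptables-save format (not dumps from the thread's hosts).
BROKEN='-A INPUT -p tcp -m tcp --dport 6566 -m conntrack --ctstate NEW -m helper --helper sane -j ACCEPT'
FIXED='-A INPUT -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6566 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

# Print the conntrack states that chain $1 accepts; ruleset is read from stdin.
# Coarse by design: other matches on the same rule (ports, helpers) are ignored.
accepted_states() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain && $(NF - 1) == "-j" && $NF == "ACCEPT" {
            for (i = 3; i < NF - 1; i++)
                if (($i == "--ctstate" || $i == "--state") && $(i - 1) != "!") {
                    n = split($(i + 1), st, ",")
                    for (j = 1; j <= n; j++) seen[st[j]] = 1
                }
        }
        END {
            out = ""
            n = split("NEW ESTABLISHED RELATED", order, " ")
            for (j = 1; j <= n; j++)
                if (order[j] in seen) out = out (out == "" ? "" : " ") order[j]
            print out
        }'
}

# Exit status: 0 = ESTABLISHED and RELATED accepted, 2 = ESTABLISHED only,
# 1 = no rule accepts ESTABLISHED, so only the first packet of a connection passes.
# Only meaningful for a chain whose policy or final rule drops unmatched packets.
audit_chain() {
    states=$(accepted_states "$1")
    case " $states " in
        *" ESTABLISHED "*) ;;
        *) echo "$1: accepts [$states], nothing for ESTABLISHED"; return 1 ;;
    esac
    case " $states " in
        *" RELATED "*) echo "$1: accepts [$states]"; return 0 ;;
        *) echo "$1: accepts [$states], no RELATED (helper-expected flows unmatched)"; return 2 ;;
    esac
}

printf '%s\n' "$BROKEN" | audit_chain INPUT || echo "-> exit $?"
printf '%s\n' "$FIXED" | audit_chain INPUT || echo "-> exit $?"
printf '%s\n' "$FIXED" | audit_chain OUTPUT || echo "-> exit $?"
```

On a live host the same functions can be fed from `iptables-save` instead of the sample strings.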