From: Jeffrey Laramie <JALaramie@Loudoun-Fairfax.com>
To: SBlaze <dagent.geo@yahoo.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Kazaa Ports
Date: Mon, 08 Sep 2003 18:47:18 -0400 [thread overview]
Message-ID: <3F5D06F6.20408@Loudoun-Fairfax.com> (raw)
In-Reply-To: <20030908210228.48729.qmail@web40201.mail.yahoo.com>
Thanks for answering
>Assuming that you are running the Kazza on a Internal windows machine the
>POSTROUTING should handle all of the out going of the Kazza Client...
>
>
hmmm . . . I revised my rule set recently using the iptables tutorial
by Oskar Andreasson as a guide, and he recommends again doing any
filtering in the nat tables.
http://iptables-tutorial.frozentux.net/chunkyhtml/traversingoftables.html#TRAVERSINGGENERAL
>what is probably not making it through is the returning connection attempts of
>the Kazza servers? In which case... you shouldn't be using FORWARD lines at all
>sinnce these are supposedly destined for the local machine(as in the Linux box
>itself and not anything in your lan).
>
If you look further down in the link I posted, there is a diagram that
shows INPUT going to the localhost and the FORWARD being used for
packets destined for other hosts. Hmmm again . . . :-)
> What I think is needed here is the
>PREROUTING of a range or specific ports. I think this will solve your problem
>for Kazza but it offers very little as in the way of security for those ports.
>
>An example of this is when I used to run my Half-Life Deadicated Server on my
>internal Windows Machine I used a PREROUTING line such as...
>
>iptables -t nat -A PREROUTING -p udp --dport 27015 -i eth0 -j DNAT
>--to-destination 192.168.1.25:27015
>
>While my scenerio was alot simpler than yours it's similar I think. Your
>problem will be of course finding the range of ports. I would also say take
>note of the use of limiting it to one protocol(if you can). Better to have a
>straw open to the world than a big ol sewer pipe!
>
>
>
Absolutely! That's what makes this an issue for me. I can't nail down
the ports Kazaa needs and the more I open up the less protection I have.
I need to find a better strategy and I'm open to suggestions.
Jeff
next prev parent reply other threads:[~2003-09-08 22:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-08 15:49 Kazaa Ports Jeffrey Laramie
2003-09-08 17:01 ` SBlaze
2003-09-08 17:48 ` Jeffrey Laramie
2003-09-08 21:02 ` SBlaze
2003-09-08 22:47 ` Jeffrey Laramie [this message]
2003-09-09 3:53 ` SBlaze
-- strict thread matches above, loose matches on Subject: below --
2003-09-09 8:21 jimbo jones
2003-09-09 13:51 ` Jeffrey Laramie
2003-09-09 18:25 ` SBlaze
[not found] <NGBBLGFEALDADHNDAAFFIEPEDKAA.ksmith@perfht.com>
2003-09-10 18:34 ` Jeffrey Laramie
2003-09-11 9:08 ` Chris Lowth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F5D06F6.20408@Loudoun-Fairfax.com \
--to=jalaramie@loudoun-fairfax.com \
--cc=dagent.geo@yahoo.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox