LINUX.IE, website of the Irish Linux Users' Group

[ILUG] port forwarding

Conor Daly conor.daly at met.ie
Mon Jun 5 23:25:44 IST 2000


-----Original Message-----
From: ago at hollo.idg.hu <ago at hollo.idg.hu>
To: ilug at linux.ie <ilug at linux.ie>
Date: 05 June 2000 20:50
Subject: [ILUG] port forwarding


>Hi !
>
>Is there a step-by-step guide to the $SUBJECT ?


IPchains HOWTO at www.linuxdoc.org

>When a user starts an ftp connection it sends
>packets to the port 21. But in some cases the files (packets) arrive at
>some other unusual ports (eg. 5000 and so on). And if I deny the uses of
>other ports than 20,21,25,110,443,80,22 they will never arrive.

If you start an ftp session, it goes out through one of your "unprivileged"
ports (i.e. those >1024), e.g. port 5000, to port 21 of the target machine.  The
responses come back to your port 5000.  Any attempt to connect to *your* ftp
server will be coming *in* to port 21 from some high numbered port.  What
you need is a pair of rules that
1. allow connections from your high ports to a remote port 21
    This will allow you to make FTP connections
2. deny connections from any port to your port 21
    This will prevent any remote machine from making FTP connections to your
machine.

The same principle applies to other services that use the ports you list.
Your outgoing connections are from *your* high ports to these ports on the
remote machine.  Any connections coming *in* to your listed ports are
attempts to connect to *your* services.  Unless you want to run a web server
(which you do), an FTP server (which you probably don't), a telnet service
(again you probably don't), you should deny access from outside to these
ports.

Have a look at www.linux-firewall-tools.org for more info.

---
Conor Daly
-------------------------------------
General Forecast Division
Met Eireann
Glasnevin Hill
Dublin 9.

ph +353 1 8064255
fax +353 1 8064275

conor.daly at met.ie
-------------------------------------
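
The rule pair from the reply above, modelled as a first-match stateless packet filter. This is an added example, not part of the original post and not ipchains itself; it covers only the port-21 control connection the reply describes. The class and function names, the default-deny policy and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

HIGH = range(1024, 65536)  # unprivileged client ports, as in the reply
ANY = range(0, 65536)
FTP = range(21, 22)        # FTP control port

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" leaves this machine, "in" arrives at it
    sport: int
    dport: int
    syn: bool       # True only for the packet that opens a new TCP connection

@dataclass(frozen=True)
class Rule:
    direction: str
    sport: range
    dport: range
    syn: Optional[bool]  # None matches any packet; True/False must equal Packet.syn
    verdict: str

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and p.sport in self.sport and p.dport in self.dport
                and self.syn in (None, p.syn))

RULES = [
    Rule("out", HIGH, FTP, None, "ACCEPT"),  # 1. local high port -> remote port 21
    Rule("in", FTP, HIGH, False, "ACCEPT"),  # responses coming back to that high port
    Rule("in", ANY, FTP, None, "DENY"),      # 2. any port -> local port 21
]

def verdict(p: Packet, rules=RULES, policy="DENY") -> str:
    """First matching rule wins; otherwise the assumed default policy applies."""
    for r in rules:
        if r.matches(p):
            return r.verdict
    return policy

# Constructed sample traffic, not captured from a real host.
SAMPLES = {
    "our client opens FTP": Packet("out", 5000, 21, True),
    "server response": Packet("in", 21, 5000, False),
    "remote connects to our port 21": Packet("in", 40000, 21, True),
    "new connection sourced from port 21": Packet("in", 21, 5000, True),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{verdict(pkt):6} {name}")
```

The last sample shows why the response rule matches only non-SYN packets: without that condition, any remote host could open a new connection to a local high port simply by using 21 as its source port.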
