On Nov 4, 2010, at 12:09 PM, Eric Norum wrote:
> On Nov 4, 2010, at 8:48 AM, Matthieu Bec wrote:
>
>>
>> Hi Mark,
>>
>> I left it as an unanswered question but came to the conclusion the udp destination needed to be widely open:
>>
>> # anything on VLAN65:
>> -A INPUT -m state --state NEW -m udp -p udp -s 172.16.65.0/24 --dport 5000:65535 -j ACCEPT
>>
>> get 'wireshark' if you cannot find ethereal for your distribution.
>>
>> Matthieu
>>
>
>
> This works, but I'm pretty sure that opening things up to that extent is going to get my machine blacklisted....
> I presume that what's happening is that my client is getting bound to some arbitrary UDP port to which the IOC then replies.
> I'm kind of surprised that this hasn't been an issue for others in the past.

I recently had the same problem. I think this was the change that took care of it:

-A INPUT -m udp -p udp --sport 5064 -j ACCEPT

Darren
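
The two rules quoted in this thread admit very different traffic. The following is an added example, not part of any poster's message: a simplified matcher (not iptables itself) that shows which constructed packets each rule would accept. Rule C, the packet addresses and ports, and the assumption that conntrack sees the IOC reply as NEW are illustrative and not from the thread.

```python
import ipaddress

RULES = {  # A and B are quoted from the thread; C is a constructed combination
    "A_vlan_any_port": "-A INPUT -m state --state NEW -m udp -p udp -s 172.16.65.0/24 --dport 5000:65535 -j ACCEPT",
    "B_sport_5064": "-A INPUT -m udp -p udp --sport 5064 -j ACCEPT",
    "C_vlan_and_sport": "-A INPUT -m udp -p udp -s 172.16.65.0/24 --sport 5064 -j ACCEPT",
}

def parse_rule(line):
    """Parse the option/value pairs used by the rules above (not full iptables syntax)."""
    tok = line.split()
    rule = {}
    for opt, val in zip(tok[0::2], tok[1::2]):
        if opt == "-p":
            rule["proto"] = val
        elif opt == "-s":
            rule["src"] = ipaddress.ip_network(val)
        elif opt in ("--sport", "--dport"):
            lo, _, hi = val.partition(":")
            rule[opt[2:]] = (int(lo), int(hi or lo))
        elif opt == "--state":
            rule["state"] = set(val.split(","))
    return rule

def matches(rule, pkt):
    """True if every criterion present in the rule matches the packet."""
    if "proto" in rule and pkt["proto"] != rule["proto"]:
        return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    for key in ("sport", "dport"):
        if key in rule and not rule[key][0] <= pkt[key] <= rule[key][1]:
            return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    return True

def accepted_by(pkt):
    """Names of the rules whose match criteria admit this packet."""
    return [name for name, line in RULES.items() if matches(parse_rule(line), pkt)]

# Constructed packets; conntrack state NEW for the IOC reply is an assumption.
PACKETS = {
    "ioc_reply": {"proto": "udp", "src": "172.16.65.20", "sport": 5064, "dport": 40123, "state": "NEW"},
    "vlan_other": {"proto": "udp", "src": "172.16.65.99", "sport": 33000, "dport": 8080, "state": "NEW"},
    "offnet_5064": {"proto": "udp", "src": "192.0.2.7", "sport": 5064, "dport": 111, "state": "NEW"},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:12} accepted by {accepted_by(pkt)}")
```

Rule B has no source-address or destination-port criterion, so it matches UDP from any host to any local port as long as the sender uses source port 5064; restricting it to the IOC subnet, as in the constructed rule C, keeps the reply path while dropping the off-network case.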