From: "Anthony Creapeau" <creapeaa@msoe.edu>
To: "'Speakup is a screen review system for Linux.'" <speakup@braille.uwo.ca>
Subject: RE: iptables?
Date: Mon, 26 Mar 2007 00:56:31 -0500
Message-ID: <000001c76f6b$8140f450$6401a8c0@tunes>
In-Reply-To: <20070325233903.GB20873@localhost.localdomain>
TCP Ports 20, 21 and 20 are FTP, SFTP and SSH ports respectively. These
ports are outgoing communications used by the respective protocol (i.e. FTP,
SFTP and SSH), and the responding or incoming communications usually are
negotiated to use ports above 1024. Hope this makes sense.
-----Original Message-----
From: speakup-bounces@braille.uwo.ca [mailto:speakup-bounces@braille.uwo.ca]
On Behalf Of Gregory Nowak
Sent: Sunday, March 25, 2007 6:39 PM
To: Speakup is a screen review system for Linux.
Subject: Re: iptables?
I think I see the problem.
Basically, you want to use --dport, instead of --sport. For example, the way
you have it now:
iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
means that you'd be accepting connections with source ports 20:22. If I
understand tcp/ip correctly, that could never happen with those ports, I
think they're used only for responding to already initiated connections. So,
if what you want to do is to allow connections on ports 20:22 in this
example into your box, use --dport.
Greg
On Sun, Mar 25, 2007 at 03:36:43PM -0700, Littlefield, Tyler wrote:
> Hello list,
> I've got the following iptables set.
> iptables -F
> iptables -A INPUT -p tcp --sport 20:22 -j ACCEPT
> iptables -A INPUT -p tcp --sport 80 -j ACCEPT
> iptables -A INPUT -p tcp --sport 110 -j ACCEPT
> iptables -A INPUT -p tcp --sport 3784 -j ACCEPT
> iptables -A INPUT -p tcp --sport 443 -j ACCEPT
> iptables -A INPUT -p tcp --sport 6666:6670 -j ACCEPT
> iptables -A INPUT -p tcp --sport 10000 -j ACCEPT
> iptables -A INPUT -p tcp --sport 20000 -j ACCEPT
> iptables -P INPUT DROP
> iptables -P OUTPUT ACCEPT
> I'm dmzed, and when I run this, it puts everything to filter.
> Any idea what I'm doing wrong?
> Thanks,
> ~~TheCreator~~
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
- --
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
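
Added example (not part of the original thread or written by any of its participants): a simplified model of INPUT-chain matching that compares the --sport ruleset quoted above with a --dport version on a few constructed packets. The conntrack ESTABLISHED,RELATED rule in the corrected set, the Packet class and the sample packets are assumptions introduced for illustration.

```python
from dataclasses import dataclass

# Port ranges taken from the ruleset quoted in the thread.
PORTS = [(20, 22), (80, 80), (110, 110), (3784, 3784), (443, 443),
         (6666, 6670), (10000, 10000), (20000, 20000)]

@dataclass(frozen=True)
class Packet:
    sport: int                  # TCP source port of the inbound packet
    dport: int                  # TCP destination port on the local box
    established: bool = False   # True if it belongs to a flow this box started

def in_ranges(port):
    return any(lo <= port <= hi for lo, hi in PORTS)

def original_input(pkt):
    """-A INPUT -p tcp --sport <range> -j ACCEPT (per range), policy DROP."""
    return "ACCEPT" if in_ranges(pkt.sport) else "DROP"

def corrected_input(pkt):
    """Assumed corrected set, policy DROP:
       -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
       -A INPUT -p tcp --dport <range> -j ACCEPT (per range)
    The conntrack rule is not from the thread; without it, replies to the
    box's own outgoing connections would hit the DROP policy."""
    if pkt.established:
        return "ACCEPT"
    return "ACCEPT" if in_ranges(pkt.dport) else "DROP"

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "new ssh client -> local :22": Packet(51000, 22),
    "reply from remote web server": Packet(80, 51000, established=True),
    "unsolicited, sport 80 -> local :3306": Packet(80, 3306),
    "new client -> local :3306": Packet(51000, 3306),
}

def compare():
    """Return {description: (original verdict, corrected verdict)}."""
    return {name: (original_input(p), corrected_input(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:38} original={old:6} corrected={new}")
```

The third sample is the one to watch when auditing a ruleset: a source-port match accepts a packet regardless of which local port it is addressed to.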