either use netstat or a sniffer like tcpdump.

Most likely you're hitting web servers that play on port 8080; check with
the tools mentioned, then tighten yer rulebase again.

Thanks,

Ron DuFresne

On Mon, 24 Jul 2000, Stan Kaufman wrote:

> Is there some way to determine what kinds of additional connections a
> web site tries to open when you hit a page so that you can determine
> which services you want to let through in a packet filtering firewall?
> 
> I've set up an ipchains Linux firewall. Initially I just opened a few
> destination ports (filtering with masquerading in chains jumped to from
> the forward chain as per the IPCHAINS-HOWTO example); eg:
>       ipchains -A int-ext -p TCP --dport www -j MASQ
> 
> That works fine for standard web sites, but fails with sites that use
> SSL (obviously). For example, nothing from the Wall Street Journal
> Interactive site comes across at this point. So I add SSL rules:
>       ipchains -A int-ext -p TCP --dport 443 -j MASQ
>       ipchains -A int-ext -p UDP --dport 443 -j MASQ
> 
> Now part of the WSJI page comes across, but not all. So I add another
> rule to let any packet that didn't start out there through:
>       ipchains -A int-ext -p TCP --dport 1024: ! -y -j MASQ
> 
> Now the WSJI works fine. So how do I tell what I've just let in?
> 
> Similarly, when I hit the Real Audio web site
> (http://www.real.com), the pages don't load since the firewall isn't
> letting something through (even with that last rule). Although I've got
> a default -l -j REJECT rule for that chain, nothing shows up in
> /var/log/kern.log. How do I tell what port Real Audio is trying to open
> when I hit their site that this firewall is catching? (Note: I'm not
> talking about letting RealAudio itself through; I found the proper ports
> to open and that works fine. I'm talking about the Real Audio corporate
> web site.)
> 
> TIA for any help. I searched long&hard through this list's archives via
> Geocrawler (http://geocrawler.com/lists/3/Security/90/0/ what a
> resource!!) without finding an answer.
> 
> Stan
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

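Added example, not code from either message above: a script that follows the tcpdump suggestion end to end. It reads `tcpdump -n` text (either the classic "src > dst: S ..." line format or the newer "IP src > dst: Flags [S], ..." format), keeps only connection attempts leaving the internal net, tallies them per protocol and destination port, and turns the tally into the narrowest `ipchains ... -j MASQ` rules that would admit exactly what was seen, so the blanket `--dport 1024:` rule can be replaced. The capture lines, the 192.168.1.0/24 internal net, the 203.0.113.0/24 server addresses and the chain name `int-ext` are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original thread): summarise a tcpdump capture of
# outbound connection attempts per port, then emit the tightest ipchains MASQ
# rules that allow what was observed. Capture lines below are constructed.
#
# Live use: capture only the first packet of each outbound TCP session (SYN
# without ACK) plus UDP, so each line is one connection attempt:
#   tcpdump -n -i eth0 'src net 192.168.1.0/24 and \
#     ((tcp and tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn) or udp)' \
#     | summarize_connections 192.168.1. | suggest_rules int-ext

# summarize_connections NETPREFIX
#   Reads tcpdump -n text on stdin, prints "proto port count" lines for
#   attempts whose source address starts with NETPREFIX. Pass the prefix with
#   its trailing dot ("192.168.1.") so that 192.168.10.x is not matched.
summarize_connections() {
  awk -v net="$1" '
    {
      # locate the "src > dst:" arrow; its field position differs per format
      for (i = 1; i <= NF; i++) if ($i == ">") break
      if (i > NF || i == 1) next
      src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
      if (index(src, net) != 1) next         # not from our internal net

      if ($0 ~ /Flags \[S\]/ || ($(i + 2) == "S" && $0 !~ / ack /))
        proto = "tcp"                        # SYN only: a new outbound session
      else if ($0 ~ /UDP, length/ || $0 ~ / udp [0-9]+$/)
        proto = "udp"
      else
        next                                 # data, SYN-ACK, ICMP, etc.

      n = split(dst, p, "."); port = p[n]    # last dotted component is the port
      count[proto " " port]++
    }
    END { for (k in count) print k, count[k] }
  ' | sort
}

# suggest_rules CHAIN
#   Reads the summary on stdin and prints one ipchains MASQ rule per observed
#   port, in the same style as the rules quoted in the original message.
suggest_rules() {
  while read -r proto port count; do
    case "$proto" in
      tcp) printf 'ipchains -A %s -p TCP --dport %s -j MASQ\n' "$1" "$port" ;;
      udp) printf 'ipchains -A %s -p UDP --dport %s -j MASQ\n' "$1" "$port" ;;
    esac
  done
}

# Constructed sample capture: two internal clients hitting servers in the
# 203.0.113.0/24 documentation range; line 2 is the server's SYN-ACK and the
# last line is in the older tcpdump output format.
sample_capture() {
  cat <<'EOF'
10:01:02.000001 IP 192.168.1.10.34567 > 203.0.113.23.8080: Flags [S], seq 100, win 5840, length 0
10:01:02.000250 IP 203.0.113.23.8080 > 192.168.1.10.34567: Flags [S.], seq 200, ack 101, win 5840, length 0
10:01:02.100000 IP 192.168.1.10.34568 > 203.0.113.23.443: Flags [S], seq 300, win 5840, length 0
10:01:03.000000 IP 192.168.1.10.34569 > 203.0.113.24.8080: Flags [S], seq 400, win 5840, length 0
10:01:03.500000 IP 192.168.1.10.6970 > 203.0.113.25.7070: UDP, length 32
10:01:04.000000 192.168.1.11.34570 > 203.0.113.23.8080: S 500:500(0) win 5840 <mss 1460>
EOF
}

sample_capture | summarize_connections 192.168.1. | suggest_rules int-ext
```

Run it on the constructed capture and the summary is tcp 443 once, tcp 8080 three times (the inbound SYN-ACK is ignored because its source is outside the net) and udp 7070 once, so the suggested rules open exactly those three ports. A real capture from a masquerading box should be taken on the internal interface, and the SYN-only filter matters: without it every data packet of an 8080 session would be counted as a separate attempt.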
