Re: [Masq] Opening ports

Wed, 27 Dec 2000 19:32:12 -0800 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


Carl Engstrom wrote:

> I need to open up ports 27000:27015 for the world.  I'm just wondering if by
> opening up those specific class c networks, that I'm asking for trouble...
> 
> carl
> ----- Original Message -----
> From: "Gary S. Mackay" <[EMAIL PROTECTED]>
> To: "Carl Engstrom" <[EMAIL PROTECTED]>
> Cc: "ipmasquerading" <[EMAIL PROTECTED]>
> Sent: Wednesday, December 27, 2000 6:22 PM
> Subject: Re: [Masq] Opening ports
> 
> > Do you need to open them up or just stop the logging? I just removed the
> > "LOGGING" at the end of the line to stop the annoying log entries.
> >
> > - Gary
> >
> > Carl Engstrom wrote:
> > >
> > > /* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
> > > /* ALSO: Don't quote this header. It makes you look lame :-) */
> > >
> > > I think I found the problem...Thanks for the help Gary.  It looks like
> one of
> > > the rules is blocking all traffic from these Class C networks.
> > >
> > >  #65.0.0.0 - 65.255.255.255
> > > /sbin/ipchains -A output -j REJECT -i $EXTIF -s $UNIVERSE -d 65.0.0.0/8
> > > LOGGING
> > > # 66.0.0.0 - 67.255.255.255
> > > /sbin/ipchains -A output -j REJECT -i $EXTIF -s $UNIVERSE -d 66.0.0.0/7
> > > LOGGING
> > >
> > > And the same for the input...the question is...If I stop these, will I
> open up
> > > a huge hole?

those networks are reserved (i.e. unusable) so i'd leave the rules in
(but maybe turn off logging).

do you have any idea why you are receiving packets from there?
(it sounds like you do since you want to take the rules out)

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to