Sperry Russ wrote:
> I am new to IPmasq and Linux.
>
> I have installed a Linux firewall program named Smoothwall (Kernel 2.2.18). I
> have an internet answering machine named Callwave operating on a Windows
> machine networked to the Linux machine. I can connect to the Callwave server
> but cannot receive messages from Callwave. They are being denied by the
> firewall. I read the IPMASQ How to and still could not get it to receive.
>
> The technical support at Callwave gave me this information:
>
> "Our current protocol does not lend itself well to standard firewall rules.
> The client software on your desktop sends UDP packets
> from a random source port >1024 to port 9283 on our server. The server
> responds from port 9283 to the port >1024 that the client
> originated from. If you can control access to UDP packets by source port
> and grant access to those UDP packets coming from port
> 9283, you may find success."
>
> What should I do to allow this through?
>
> Thank You,
> Sperry Russ

well, you shouldn't allow it with ipchains because
it's stateless but if you're going to anyway, restrict
it to a fixed set of callwave servers. someone can still
spoof their addresses and get in but it's better than
nothing.

so first, find out what ip addresses their servers have.
then:

    CALLWAVE_SERVERS="XXX"
    extif="ppp0"
    for server in $CALLWAVE_SERVERS
    do
        # Allow masqueraded hosts to talk to known callwave servers
        ipchains -A output -i $extif -p udp --sport 61000:65096 -d $server 9283 -j ACCEPT
        # Allow known callwave servers to talk to masqueraded hosts
        ipchains -A input -i $extif -p udp -s $server 9283 --dport 61000:65096 -j ACCEPT
    done

raf
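
A small model of the input-chain decision discussed in this thread, added here as an example and not part of either message. It compares a source-port-only rule (one reading of the Callwave suggestion) with the server-restricted input rule from the reply; the addresses are constructed samples from documentation ranges, the function names are hypothetical, and masquerading itself is not modelled.

```shell
#!/bin/sh
# Models only the header match a stateless filter performs. Nothing here
# records whether a client ever sent a request, which is the "stateless" point.
CALLWAVE_SERVERS="192.0.2.10 192.0.2.11"   # constructed stand-ins for the real list
MASQ_LO=61000
MASQ_HI=65096

# in_masq_range PORT: true if PORT lies in the range used by the reply's rules
in_masq_range() {
    [ "$1" -ge "$MASQ_LO" ] && [ "$1" -le "$MASQ_HI" ]
}

# port_only_rule SRC SPORT DPORT: accept any UDP packet whose source port is 9283
port_only_rule() {
    if [ "$2" -eq 9283 ]; then echo ACCEPT; else echo DENY; fi
}

# server_list_rule SRC SPORT DPORT: the reply's input rule (source address in
# the list, source port 9283, destination port in the masquerade range)
server_list_rule() {
    for server in $CALLWAVE_SERVERS; do
        if [ "$1" = "$server" ] && [ "$2" -eq 9283 ] && in_masq_range "$3"; then
            echo ACCEPT
            return
        fi
    done
    echo DENY
}

# Constructed packets: label, claimed source address, source port, dest port.
# The genuine and forged rows carry identical header fields, so no rule that
# looks only at headers can tell them apart.
report() {
    while read -r label src sport dport; do
        printf '%-26s port-only=%-6s server-list=%s\n' "$label" \
            "$(port_only_rule "$src" "$sport" "$dport")" \
            "$(server_list_rule "$src" "$sport" "$dport")"
    done <<EOF
genuine-server-reply 192.0.2.10 9283 61500
unknown-host-sport-9283 203.0.113.7 9283 61500
forged-server-address 192.0.2.10 9283 61500
server-other-sport 192.0.2.10 53 61500
EOF
}
report
```

The second row is what the server list buys over a port-only rule; the third row is the residual risk the reply names.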