Jamin Collins wrote:
> Sperry Russ [mailto:[EMAIL PROTECTED]] wrote:
> > I am new to IPmasq and Linux.
> Welcome.
>
> > I have installed a Linux firewall program named Smoothwall
> > (Kernel 2.2.18).
> Not familiar with it particularly, but let's see what we can do.
>
> > The technical support at Callwave gave me this information:
> >
> > "Our current protocol does not lend itself well to standard
> > firewall rules. The client software on your desktop sends
> > UDP packets from a random source port >1024 to port 9283 on
> > our server. The server responds from port 9283 to the port
> > >1024 that the client originated from. If you can control
> > access to UDP packets by source port and grant access to
> > those UDP packets coming from port 9283, you may find
> > success."
> Well, most of the ipchains firewall scripts that I have seen set the rules
> up so that this is exactly what happens. A simplified description of what
> ipchains does is this. Any allowed outbound connection is remembered. When

No, it isn't. ipchains is stateless.
iptables is stateful.
Masquerading does remember these "connections",
but that has nothing to do with whether or
not the packets are allowed. Packets are
not allowed just because they are remembered.
They have to be allowed in before it can be
determined whether or not they are remembered
by the masquerading code.

> a response packet is received for a remembered outbound connection, it is
> allowed in and sent to the originator of the communication. From what
> you've written, this is what they are looking for. Perhaps a listing of
> your active rules set will help. As root run "ipchains -L >
> /root/ipchains-list.txt". This will output a copy of your ipchains rules
> into a file in root's home directory called ipchains-list.txt.
>
> Jamin W. Collins
raf
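
The ordering raf describes, as an added example that is not part of the original thread: a toy Python model in which the stateless input chain is consulted before the masquerading table. The addresses, the 61000-65095 masquerade port range and every name in it are assumptions of the example.

```python
# Added illustration (not from the original thread): a toy model of the
# Linux 2.2 inbound path, where the stateless input chain is consulted
# before the masquerading table. All addresses are constructed examples.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
Rule = namedtuple("Rule", "proto src sports dports target")  # src None = any

MASQ_PORTS = (61000, 65095)   # assumed port range used by 2.2 masquerading
SERVER = "192.0.2.10"         # placeholder for the Callwave server
EXT_IP = "203.0.113.5"        # placeholder external address of the firewall

def input_chain(pkt, rules, policy="DENY"):
    """Stateless first-match filter: looks only at the packet's headers."""
    for r in rules:
        if (r.proto == pkt.proto and r.src in (None, pkt.src)
                and r.sports[0] <= pkt.sport <= r.sports[1]
                and r.dports[0] <= pkt.dport <= r.dports[1]):
            return r.target
    return policy

def handle_inbound(pkt, rules, masq_table):
    """Filter first, then demasquerade: being remembered is not enough."""
    if input_chain(pkt, rules) != "ACCEPT":
        return "DENY"                       # masq table is never consulted
    entry = masq_table.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
    if entry is None:
        return "LOCAL"                      # accepted, but no masq entry
    return "FORWARD %s:%d" % entry          # rewritten to the inside client

# Constructed state: client 192.168.0.2:1500 already sent to SERVER:9283
# and was masqueraded to EXT_IP:61001.
MASQ_TABLE = {("udp", 61001, SERVER, 9283): ("192.168.0.2", 1500)}
REPLY = Packet("udp", SERVER, 9283, EXT_IP, 61001)

NO_RULE = []                                                     # default DENY
BY_PORT = [Rule("udp", None, (9283, 9283), MASQ_PORTS, "ACCEPT")]
BY_HOST = [Rule("udp", SERVER, (9283, 9283), MASQ_PORTS, "ACCEPT")]

if __name__ == "__main__":
    for name, rules in (("none", NO_RULE), ("port", BY_PORT), ("host", BY_HOST)):
        print(name, handle_inbound(REPLY, rules, MASQ_TABLE))
```

A rule that matches on source port alone accepts UDP from any host that sends from port 9283, so the `BY_HOST` form, which also pins the source address, is the tighter of the two.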
_______________________________________________
Masq maillist - [EMAIL PROTECTED]