I have tried to set up a Linux (RedHat 6.0) firewall behind a router
running NAT (+).
I have all the packet forwarding working, but cannot get IPCHAINS set up
properly.
The chains work, but if I use one of the example chains files it blocks
everything.
I set the chains to open, and logged a simple web transaction from a machine
inside the firewall.
I seemed to call from port 1182 and have web data sent back to port 3630.
Later on through the logs, I noticed that the receive port seemed to change
every few seconds, from 3630 -> 3631 -> 3632.
Is this likely to come from the NAT box?
I checked /etc/services and these ports aren't listed.
Is it safe to use IPCHAINS to just block the ports relating to known
services, or can attacks be perpetrated on ports that offer no services?
Thanks for any information (or sources of).
Dave Morris