I have an unusual situation where a client uses port knocking to reduce the amount of junk hitting a public service. The service is desired to be accessed on a PDA via T-Mobile's US cell network. The trouble is that T-Mobile seems to be natting from a pool of public IP addresses. The PDA can perform the knock, but it doesn't usually come from the same public IP as the desired connection. The knock seems to always come from a public IP in the same /24 as the desired connection, though.
I looked in the docs and researched some on Snow-Man's page about how the recent match works, but it's not clear to me how to specify the -s parameter with a /24 to override a /32 designation on the source address when the desired port is opened. We're using Shorewall-perl 4.2.2 in this instance. Is this not possible with the way the recent match works or the way Shorewall uses it? This setup is basically verbatim to the port knocking example on shorewall.net, and it works flawlessly for connections where the public IP is the same for the knock and the data connection. Sorry for the lack of line wrap...I haven't seen a way to do this in Outlook yet.
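The mismatch described in the message above can be shown with a small model of a per-source knock list. This is an added illustration, not code from the original post, Shorewall, or the kernel's recent match. The class and function names, the 60-second window, and the addresses (documentation ranges) are assumptions made up for the example, and it models IPv4 only.

```python
import ipaddress


class RecentList:
    """Toy model of a knock list keyed by the source address after masking."""

    def __init__(self, prefix_len=32):
        self.prefix_len = prefix_len
        self.seen = {}  # masked network -> time of the last knock

    def _key(self, src):
        # Mask the source down to the list's prefix length (/32 = exact host).
        return ipaddress.ip_network(f"{src}/{self.prefix_len}", strict=False)

    def knock(self, src, now):
        """Record a knock from src at time now (seconds)."""
        self.seen[self._key(src)] = now

    def allowed(self, src, now, window=60):
        """True if a knock matching src's key was seen within the window."""
        t = self.seen.get(self._key(src))
        return t is not None and 0 <= now - t <= window

    def addresses_opened_per_knock(self):
        """How many source addresses a single knock admits (IPv4)."""
        return 2 ** (32 - self.prefix_len)


def simulate(prefix_len, knock_src, conn_src, delay=5, window=60):
    """Knock from one address, then connect from another after `delay` s."""
    lst = RecentList(prefix_len)
    lst.knock(knock_src, now=0)
    return lst.allowed(conn_src, now=delay, window=window)


# Constructed sample addresses: two hosts in one NAT pool /24, one outside it.
KNOCK = "203.0.113.17"
CONN = "203.0.113.94"
OTHER = "198.51.100.94"

if __name__ == "__main__":
    for plen in (32, 24):
        print(f"/{plen}: same-pool connection allowed =",
              simulate(plen, KNOCK, CONN),
              "| addresses opened per knock =",
              RecentList(plen).addresses_opened_per_knock())
```

Keying the list by /24 lets the pooled connection through, at the cost that one successful knock opens the port to all 256 addresses in that block for the length of the window.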
