Thank you very much for the help, Rodolfo, especially for taking the time to explain this so clearly... I really appreciate it. Thank you so much,

chas

>>How do you add an ipchains rule to accept connections from
>>a given host (e.g. www.xxx.yyy.zzz) on a specific port (e.g. 3333)?
>>
>># /sbin/ipchains -I input -p tcp -s www.xxx.yyy.zzz 3333 -j ACCEPT
>
>Almost right.
>
># ipchains -A input -p tcp -s www.xxx.yyy.zzz 1024:65535 \
>    -d $MY_IP_ADDRESS 3333 -j ACCEPT
># ipchains -A output -p tcp ! -y -s $MY_IP_ADDRESS 3333 \
>    -d www.xxx.yyy.zzz 1024:65535 -j ACCEPT
>
>The differences:
>
>1. Specifying "1024:65535" after his IP address allows connections only
>from unprivileged ports, which is the way it should be happening. You may
>eliminate this if you like to allow connections from any port on his machine.
>
>2. You specify the 3333 after *your* IP address, not after his. And you are
>specific about your IP address (not just "--destination-port 3333") so that
>your firewall doesn't even allow packets destined for other servers.
>
>3. You need an output rule as well. Otherwise his connection request will
>get through but nothing will get back out.
>
>4. In the output rule, specifying "! -y" means "but NOT any SYN packets".
>SYN packets are those used to request connections. So the inbound rule will
>allow any traffic (including connection requests) and the outbound rule
>will allow any traffic that does not initiate a new connection. So he can
>connect to you but not you to him. (And he cannot get another program on
>your machine to connect to his box either, which is more relevant.)
>
>--
>Rodolfo J. Paiz
>[EMAIL PROTECTED]
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
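Added example, not part of the thread: a small Python model of how ipchains walks a chain (first matching rule wins, anything else falls through to a DENY policy) with Rodolfo's two rules transcribed into it, so each of his four points can be checked against constructed packets. It models only the options used above (-p, -s and -d with port ranges, -y / ! -y, -j) and treats -y as "SYN set, ACK clear", which is what makes a SYN/ACK reply pass "! -y" while a fresh connection request does not. The addresses 192.0.2.10 (standing in for $MY_IP_ADDRESS) and 198.51.100.7 (for www.xxx.yyy.zzz) are constructed TEST-NET placeholders.

```python
# Added example: a minimal model of ipchains first-match rule evaluation.
# It is NOT ipchains itself; it covers only the options used in the thread.
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder addresses (TEST-NET ranges, not real hosts).
MY_IP = "192.0.2.10"      # stands in for $MY_IP_ADDRESS
HIS_IP = "198.51.100.7"   # stands in for www.xxx.yyy.zzz


@dataclass(frozen=True)
class Packet:
    chain: str      # "input" or "output"
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool       # True for a connection request (SYN set, ACK clear),
                    # which is what the ipchains -y option matches


@dataclass(frozen=True)
class Rule:
    chain: str
    proto: str
    src: str
    sports: tuple                 # inclusive (low, high) source port range
    dst: str
    dports: tuple                 # inclusive (low, high) destination port range
    target: str                   # "ACCEPT" or "DENY"
    syn: Optional[bool] = None    # None: any packet, True: -y, False: ! -y


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every option given on a rule must match for the rule to fire."""
    if rule.chain != pkt.chain or rule.proto != pkt.proto:
        return False
    if rule.src != pkt.src or rule.dst != pkt.dst:
        return False
    if not (rule.sports[0] <= pkt.sport <= rule.sports[1]):
        return False
    if not (rule.dports[0] <= pkt.dport <= rule.dports[1]):
        return False
    if rule.syn is not None and rule.syn != pkt.syn:
        return False
    return True


def verdict(rules, pkt: Packet, policy: str = "DENY") -> str:
    """Walk the chain top to bottom; the first matching rule decides.
    Unmatched packets fall through to the chain policy (DENY here)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.target
    return policy


# Rodolfo's two rules, transcribed into the model:
#   ipchains -A input  -p tcp      -s HIS_IP 1024:65535 -d MY_IP  3333       -j ACCEPT
#   ipchains -A output -p tcp ! -y -s MY_IP  3333       -d HIS_IP 1024:65535 -j ACCEPT
RULES = [
    Rule("input",  "tcp", HIS_IP, (1024, 65535), MY_IP,  (3333, 3333),  "ACCEPT"),
    Rule("output", "tcp", MY_IP,  (3333, 3333),  HIS_IP, (1024, 65535), "ACCEPT", syn=False),
]


def scenarios() -> dict:
    """Constructed packets exercising each of the four points in the thread."""
    return {
        # His connection request to port 3333: the input rule accepts it.
        "his_syn_to_3333":
            verdict(RULES, Packet("input", "tcp", HIS_IP, 40000, MY_IP, 3333, syn=True)),
        # Our SYN/ACK and later data back to him carry ACK, so "! -y" lets
        # them out (point 3: without an output rule nothing would get back).
        "our_reply_to_him":
            verdict(RULES, Packet("output", "tcp", MY_IP, 3333, HIS_IP, 40000, syn=False)),
        # A program on our box trying to open a connection TO him is a SYN
        # packet, which "! -y" excludes (point 4).
        "our_syn_to_him":
            verdict(RULES, Packet("output", "tcp", MY_IP, 3333, HIS_IP, 40000, syn=True)),
        # A request from one of his privileged ports is outside 1024:65535 (point 1).
        "his_syn_from_priv_port":
            verdict(RULES, Packet("input", "tcp", HIS_IP, 80, MY_IP, 3333, syn=True)),
        # Port 3333 on a different destination address is not covered (point 2).
        "his_syn_to_other_host":
            verdict(RULES, Packet("input", "tcp", HIS_IP, 40000, "192.0.2.99", 3333, syn=True)),
        # Any other port on our box stays at the default policy.
        "his_syn_to_ssh":
            verdict(RULES, Packet("input", "tcp", HIS_IP, 40000, MY_IP, 22, syn=True)),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:24s} -> {result}")
```

The model is stateless, as ipchains itself is: nothing remembers that a connection was accepted inbound, which is exactly why the outbound rule has to be written so that it passes replies but not new SYNs.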