Re: [TCLUG:7419] firewall configuration

[Ben Luey <lueyb@carleton.edu>]

On Mon, 9 Aug 1999, Michael Hicks wrote:

> > After searching dejanews, here's what I found. It sounds like those
> > ports are used by the masquerading, but is handled internally so you
> > don't need to open the ports up. If you have your IP Masquerading
> > machine behind a firewall, (different than your masquerading machine)
> > you will need to open up the 61000-65096 range for it to work.
> 
> Hmm..  Am I the only one that thinks that could be a bad thing?  I mean, all
> @Home or any other ISP has to do to prevent people from masquerading would be to
> block those ports.  Not so good, IMHO..

Question -- which side must these ports me open? I'm assuming that they
must be open on the intranet side for incomming requests? Because my
firewall blocks everything but ssh and smtp from the intranet and ip_masq
works fine. But come to think of it the clients aren't connecting to those
high ports. Could it be the loopback device or something strange that
needs those high ports?

Confused,

Ben

 

Ben Luey
lueyb@carleton.edu
ICQ: 19144397

I'd a helluva lot rather have them talking about this than the fact the fact we
are the party of the rich and that prices are high. This story is not helpful 
but, to the average guy, whether the Republicans bugged the Democrats doesn't 
mean a goddamned thing. It means something to intellectuals. It means something
to people who are concerned about repression and credibility and all that 
bullshit. But the average guy is chewing his pretzel."  
      -- Richard Nixon about Watergate.