iptables question, ports over 1024

ted leslie tleslie-RBVUpeUoHUc at public.gmane.org
Thu Jun 23 17:41:19 UTC 2005


You have to add both a NAT rule and a FORWARD ... ACCEPT rule.

I sometimes forget to do the FORWARD and the result is as you explained.

-tl
 
On Thu, Jun 23, 2005 at 01:32:13PM -0400, Robert Brockway wrote:
> On Thu, 23 Jun 2005, Madison Kelly wrote:
> 
> > Hi all,
> > 
> >   I have a client trying to get into port 1352 (MyPC, I think) on their
> > (windows) server. I've added a rule to allow inbound connections to 1352 (80
> > was already in the iptables firewall and it works). Is there something I am
> > missing about opening a TCP port over 1024?
> 
> You should not see anything different when opening or SNATting a port 
> over 1024[1].  I do this all the time.
> 
> If you netcat to 1352 on the firewall do you see anything? Netcat will 
> work with either tcp or udp.
> 
> What sort of connection failure are you getting (if any)?
> 
> [1] Traditional *nix makes a distinction for anything over the first 1024 
> ports, which actually means the distinction applies to ports over 1023 not 
> 1024.  Using the standard *nix security model a non-root user is not 
> allowed to bind ports over 1023.  This has nothing to do with how iptables 
> reacts to the port however.
> 
> Rob
> 
> -- 
> Robert Brockway B.Sc.
> Senior Technical Consultant, OpenTrend Solutions Ltd.
> Ph: +1-416-669-3073 Email: rbrockway-wgAaPJgzrDxH4x6Dk/4f9A at public.gmane.org http://www.opentrend.net
> OpenTrend Solutions: Reliable, secure solutions to real world problems.
> Contributing Member of Software in the Public Interest http://www.spi-inc.org
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
> 
> 
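An added example, not part of the original thread: a small check over `iptables-save` output that reports NAT rules lacking the FORWARD ... ACCEPT rule mentioned in the reply above. It assumes the NAT rule is a DNAT in PREROUTING; the interface, addresses and sample ruleset are constructed. Rule order, negated matches, port ranges and interface matches are ignored.

```python
import ipaddress
# Constructed iptables-save output: port 80 has both rules, port 1352 only the NAT rule.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 1352 -j DNAT --to-destination 192.168.1.10:1352
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def opts(rule):
    """Map each option flag on an iptables-save rule line to the token after it."""
    tok = rule.split()
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}

def accepts(rule, proto, ip, port):
    """True if this FORWARD rule would ACCEPT a new connection to ip:port."""
    o = opts(rule)
    state = o.get("--state") or o.get("--ctstate")
    if o.get("-j") != "ACCEPT" or (state and "NEW" not in state.split(",")):
        return False  # not an ACCEPT, or only matches already-established flows
    if "-d" in o and ipaddress.ip_address(ip) not in ipaddress.ip_network(o["-d"], strict=False):
        return False
    return o.get("-p", proto) == proto and o.get("--dport", port) == port

def unforwarded_dnat(dump):
    """Return (proto, ip, port) for DNAT targets that no FORWARD rule accepts."""
    table, policy, forward, dnat = None, "ACCEPT", [], []
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A FORWARD "):
            forward.append(line)
        elif table == "nat" and line.startswith("-A PREROUTING ") and "-j DNAT" in line:
            dnat.append(opts(line))
    missing = []
    for o in dnat:
        ip, _, port = o["--to-destination"].partition(":")
        proto, port = o.get("-p", ""), port or o.get("--dport", "")
        if policy != "ACCEPT" and not any(accepts(r, proto, ip, port) for r in forward):
            missing.append((proto, ip, port))
    return missing
```

Calling `unforwarded_dnat(SAMPLE)` flags only the 1352 forward; on a live firewall the input would be the text printed by `iptables-save`.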