iptables question, ports over 1024

Madison Kelly linux-5ZoueyuiTZhBDgjK7y7TUQ at public.gmane.org
Thu Jun 23 18:19:31 UTC 2005


Lennart Sorensen wrote:
> On Thu, Jun 23, 2005 at 01:32:13PM -0400, Robert Brockway wrote:
> 
>>You should not see anything different when opening or SNATting a port 
>>over 1024[1].  I do this all the time.
>>
>>If you netcat to 1352 on the firewall do you see anything? Netcat will 
>>work with either tcp or udp.
>>
>>What sort of connection failure are you getting (if any)?
>>
>>[1] Traditional *nix makes a distinction for anything over the first 1024 
>>ports, which actually means the distinction applies to ports over 1023 not 
>>1024.  Using the standard *nix security model a non-root user is not 
>>allowed to bind ports over 1023.  This has nothing to do with how iptables 
>>reacts to the port however.
> 
> 
> Don't you mean a non-root user is only allowed to bind above port 1023?
> 
> Lennart Sorensen

Remember that the firewall is merely forwarding packets, in this case, 
not establishing connections. Does that impact on this at all?

Madison

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Madison Kelly (Digimer)
TLE-BU, The Linux Experience; Back Up
http://tle-bu.thelinuxexperience.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




