Re: further problems in the linux firewall

Paul Rusty Russell (Paul.Russell@rustcorp.com.au)
Fri, 10 Jul 1998 09:22:02 +0930


In message <19980709104739.B8963@cybercomm.net> you write:
>
> Continuing with the further adventures of No Root Daemon Man and the
> Evil ipfwadm udp bug:
>
>
> To recap: transparent proxying is broken for udp in kernel 2.0.34 (but works
> for tcp). With a rule like the following:
>
> ipfwadm -I -P -i accept -r 1153 -S 127.0.0.1/32 -D 127.0.0.1/32 53
>
> info coming from the daemon sitting on port 1153 (named) is seen by the
> net app (ftp, telnet, etc.) making a dns request to port 53 as coming from
> port 1153 rather than 53 as would be expected. These net apps (aside from
> nslookup) don't like this at all and cannot receive the dns info from the
> 1153 port.

And this surprises you *why* exactly? You really want NAT going the
other way, which we don't have. I don't think even ipportfw will help
you here.

Rusty.

--
 .sig lost in the mail.
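
The failure discussed in this thread, reproduced on loopback as an added example (not code from either poster): a query is redirected to a daemon on another port, the answer leaves from the daemon's own port, and a client that filters on the source never sees it. Ephemeral ports stand in for 53 and 1153, the redirect is simulated in user space, and `one_way_redirect` is a hypothetical name.

```python
import socket

LOOPBACK = "127.0.0.1"

def _udp():
    # UDP socket on an ephemeral loopback port, with a short timeout
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, 0))
    s.settimeout(0.5)
    return s

def one_way_redirect(strict):
    """Query the 'expected' port, get answered from the daemon's own port."""
    expected, daemon, client = _udp(), _udp(), _udp()
    try:
        exp_addr = expected.getsockname()      # stands in for 127.0.0.1:53
        if strict:
            client.connect(exp_addr)           # kernel filters on peer addr/port
            client.send(b"query")
        else:
            client.sendto(b"query", exp_addr)  # accepts datagrams from anyone
        # Simulated inbound redirect: the query is handed to the daemon ...
        query, client_addr = expected.recvfrom(512)
        # ... which answers from its own port; nothing rewrites the source back.
        daemon.sendto(b"answer:" + query, client_addr)
        reply_port = daemon.getsockname()[1]   # stands in for 1153
        try:
            reply = client.recv(512)
        except socket.timeout:
            reply = None                       # datagram never reached the client
        return {"reply": reply, "expected_port": exp_addr[1],
                "reply_port": reply_port}
    finally:
        for s in (expected, daemon, client):
            s.close()

if __name__ == "__main__":
    for strict in (True, False):
        print("strict" if strict else "lenient", one_way_redirect(strict))
```

The strict client times out because the reply's source port does not match the peer it connected to; the lenient client receives the same datagram and can see the mismatched port.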
