Tom, I'm a complete iptables noob, and you are obviously an expert at this point. Eyeball Chat does claim that it works with iptables. Is the connection tracking table a recent addition? Can you think of what might have to be done for it to work with iptables?
If they ever get back to me about this, I'll be sure to let you know!

Sean

On Wed, 2003-02-12 at 10:13, Tom Eastep wrote:
> Sean E. Covel wrote:
> > BTW,
> >
> > I did send Eyeball Chat a help request, but since it is free software,
> > I'm not holding my breath.
> >
> > I'm willing to pursue this just to see if this magic silver bullet they
> > have going actually works. Strange that they have instructions on how
> > to blow holes in your firewall (static patch) if their
> > magic firewall approach works so well...
> >
>
> I just read their Magic Bullet paper and I think that it works with
> Dachstein because on Dachstein (as with Seawall), the "Masquerade Port
> Range" is left open by the firewall. This allows incoming SYN packets
> to sail right through the firewall AND will even route it to the correct
> internal system. It is a cute trick except that it is based on being
> able to exploit the primitive capabilities of ipchains.
>
> That little trick will not work with Shorewall because the NetFilter
> connection tracking table identifies connection endpoints by
> (ip,protocol,port) rather than just by (protocol,port). So just because
> EyeBall running on 192.168.12.12 is connected to the EyeBall server via
> external address w.x.y.z and port P doesn't mean that EyeBall user at
> address a.b.c.d can open port P on w.x.y.z and be able to successfully
> connect through the firewall to 192.168.12.12.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ [EMAIL PROTECTED]
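
Added example, not part of the original thread: a small Python model of the difference Tom describes between finding a masqueraded connection by (protocol, port) and by (ip, protocol, port). The documentation-range addresses standing in for w.x.y.z, a.b.c.d and the EyeBall server, the port numbers, and all function names are assumptions made for illustration; this is a simplified model, not ipchains or NetFilter code.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")
# One masqueraded outbound connection as the firewall remembers it.
Flow = namedtuple("Flow", "proto int_ip int_port ext_ip masq_port peer_ip peer_port")

# Constructed sample values (documentation address ranges, made-up ports).
FW_EXT = "203.0.113.1"       # stands in for w.x.y.z
SERVER = "198.51.100.10"     # stands in for the EyeBall server
THIRD_PARTY = "192.0.2.77"   # stands in for a.b.c.d
P = 61005                    # masqueraded source port on the firewall

FLOWS = [Flow("tcp", "192.168.12.12", 5000, FW_EXT, P, SERVER, 5500)]


def lookup_port_only(flows, pkt):
    """Model of the (protocol, port) lookup: the sender's address is ignored."""
    for f in flows:
        if (pkt.proto, pkt.dst_port) == (f.proto, f.masq_port):
            return f.int_ip
    return None


def lookup_conntrack(flows, pkt):
    """Model of the (ip, protocol, port) lookup: both endpoints must match."""
    for f in flows:
        local = (f.proto, f.ext_ip, f.masq_port)
        peer = (f.peer_ip, f.peer_port)
        if (pkt.proto, pkt.dst_ip, pkt.dst_port) == local and \
           (pkt.src_ip, pkt.src_port) == peer:
            return f.int_ip
    return None


def compare(flows, pkt):
    """Return (port_only_result, conntrack_result) for one inbound packet."""
    return lookup_port_only(flows, pkt), lookup_conntrack(flows, pkt)


if __name__ == "__main__":
    inbound = {
        "reply from server": Packet("tcp", SERVER, 5500, FW_EXT, P),
        "SYN from third party": Packet("tcp", THIRD_PARTY, 40000, FW_EXT, P),
        "third party, other port": Packet("tcp", THIRD_PARTY, 40000, FW_EXT, P + 1),
    }
    for name, pkt in inbound.items():
        print(name, compare(FLOWS, pkt))
```

In this model only the port-only lookup forwards the third party's packet to 192.168.12.12; the tuple-based lookup returns no match because the sender is not the peer recorded for that connection.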