Ray Olszewski wrote:
At 07:13 AM 2/12/03 -0800, Tom Eastep wrote:

Sean E. Covel wrote:

BTW,
I did send Eyeball Chat a help request

[...]

I just read their Magic Bullet paper and I think that it works with Dachstein because on Dachstein (as with Seawall), the "Masquerade Port Range" is left open by the firewall. This allows incoming SYN packets
to sail right through the firewall AND will even route it to the correct internal system. It is a cute trick except that it is based on being able to exploit the primitive capabilities of ipchains.

Tom -- Can you expand on this just a little bit more? (Or Lynn, can you?) This conclusion is kind of where I got to last night, but only for TCP. What is the equivalent of "SYN packet" detection for UDP? Or, to put it another way, how does iptables (or Shorewall) determine the state associated with a UDP packet? I can't figure it out from the iptables docs I have.

It's actually easier for UDP since UDP is connectionless. Applications can simply send a datagram to (external_ip,external_port). If the port is in the masquerade range, then it will be "open" and if the EyeBall client running on (internal_ip) has established a port mapping entry in the firewall of (external_port,internal_port) by having sent a datagram to the EyeBall server (who notes the external_port), then the incoming packets will sail right through.

After having given it some more thought, I don't believe that the same trick will work with TCP because it would require the EyeBall application to listen() on a connected socket.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
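To make the difference Tom describes concrete, here is an added toy model (not code from the thread, Shorewall or LEAF) of how an ipchains-style masquerade table versus an iptables conntrack-style table would treat an inbound UDP datagram aimed at a mapped port in the masquerade range. The firewall address, port range and hosts are constructed sample values; the model assumes the stateful firewall keys each UDP flow on both endpoints' addresses and ports and drops datagrams from any other peer as NEW traffic.

```python
"""Toy model of inbound UDP handling behind a masquerading firewall.

Constructed example: contrasts "any datagram to a mapped masquerade port
is forwarded" (ipchains-style) with "only datagrams from the peer the
internal host actually talked to are forwarded" (conntrack-style).
"""
from dataclasses import dataclass

EXTERNAL_IP = "203.0.113.10"       # firewall's public address (constructed)
MASQ_RANGE = range(61000, 65096)   # masquerade port range (constructed)


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class MasqFirewall:
    """Outbound datagrams create port mappings; inbound ones are checked."""

    def __init__(self, strict: bool):
        self.strict = strict          # True = per-flow (conntrack-style) filtering
        self.next_port = MASQ_RANGE.start
        self.by_internal = {}         # (int_ip, int_port) -> ext_port
        self.by_external = {}         # ext_port -> (int_ip, int_port)
        self.flows = set()            # (ext_port, remote_ip, remote_port) seen outbound

    def outbound(self, d: Datagram) -> int:
        key = (d.src_ip, d.src_port)
        if key not in self.by_internal:          # allocate a masquerade port once
            self.by_internal[key] = self.next_port
            self.by_external[self.next_port] = key
            self.next_port += 1
        ext_port = self.by_internal[key]
        self.flows.add((ext_port, d.dst_ip, d.dst_port))
        return ext_port

    def inbound(self, d: Datagram):
        """Return the internal (ip, port) the datagram is delivered to, or None if dropped."""
        if d.dst_ip != EXTERNAL_IP or d.dst_port not in MASQ_RANGE:
            return None
        target = self.by_external.get(d.dst_port)
        if target is None:                       # port never mapped: dropped
            return None
        if self.strict and (d.dst_port, d.src_ip, d.src_port) not in self.flows:
            return None                          # unknown peer: treated as NEW, dropped
        return target


def demo(strict: bool):
    """Client talks to a server; then the server and an unrelated peer send back."""
    fw = MasqFirewall(strict)
    ext = fw.outbound(Datagram("192.168.1.5", 5000, "198.51.100.7", 5000))
    from_server = Datagram("198.51.100.7", 5000, EXTERNAL_IP, ext)
    from_peer = Datagram("198.51.100.99", 4321, EXTERNAL_IP, ext)
    return fw.inbound(from_server), fw.inbound(from_peer)
```

With `strict=False` the unrelated peer's datagram reaches the internal host exactly as the thread describes; with `strict=True` only the server's reply does.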



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html