On Wednesday 12 February 2003 10:44 pm, Tom Eastep wrote:
> Here is the connection tracking table:
>
> udp 17 177 src=192.168.1.1 dst=12.77.140.250 sport=1347 dport=1193
> src=12.77.140.250 dst=12.243.227.207 sport=1193 dport=1347 [ASSURED] use=1
> udp 17 179 src=192.168.1.1 dst=12.77.14
Sean wrote:
Son of a ...
It worked first try. 2 changes from last time. I went from Shorewall
1.3.12a to 1.3.4. I connected to a MSN user, not an AOL user. Don't
know if either made a difference. I'll send you the shorewall status
file anyway. I didn't bother with the Dachstein ('cause
Ray Olszewski wrote:
At 02:45 PM 2/12/03 -0800, Tom Eastep wrote:
For a first shot on Bering, I think that the procedure that I outlined
before is still appropriate.
I agree, with one possible addition (I'm not sure quite how much
"shorewall status > /tmp/status" reports). I'd like to see
At 02:45 PM 2/12/03 -0800, Tom Eastep wrote:
Sean wrote:
So, after much discussion, is there anything specific you would like me
to do Shorewall before I gather statistics? I can shut off all my other
machines and turn on/off everything/nothing, log everything...whatever.
Just let me know what.
Sean wrote:
So, after much discussion, is there anything specific you would like me
to do Shorewall before I gather statistics? I can shut off all my other
machines and turn on/off everything/nothing, log everything...whatever.
Just let me know what. How about Dachstein?
I'll be making my atte
3:46 PM
To: Ray Olszewski
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering/Shorewall vs. Dachstein
Tom Eastep wrote:
>
> Ah -- yes, now I see what you are getting at. Yet, it's apparently not
> working
>
I'm trying to keep up with this thread while at the sa
Tom Eastep wrote:
Ah -- yes, now I see what you are getting at. Yet, it's apparently not
working
I'm trying to keep up with this thread while at the same time following
a distributed training exercise on another monitor. During the lunch
break, I got a chance to look at what Ray wrote
Ray Olszewski wrote:
At 11:34 AM 2/12/03 -0800, Tom Eastep wrote:
8. (Tricky part.) Peer B now switches to sending UDP packets out the
*same* UDP socket to the NAT'd port at Peer A.
9. (Tricky part, part 2.) Peer A now switches to sending UDP packets
out the *same* UDP socket to the NAT'd port
Tom wrote:
> I just read their Magic Bullet paper and I think that it works with
> Dachstein because on Dachstein (as with Seawall), the "Masquerade Port
> Range" is left open by the firewall. This allows incoming SYN packets
> to sail right through the firewall AND will even route it to the corre
At 11:34 AM 2/12/03 -0800, Tom Eastep wrote:
8. (Tricky part.) Peer B now switches to sending UDP packets out the
*same* UDP socket to the NAT'd port at Peer A.
9. (Tricky part, part 2.) Peer A now switches to sending UDP packets out
the *same* UDP socket to the NAT'd port at Peer B.
[...]
The k
8. (Tricky part.) Peer B now switches to sending UDP packets out the
*same* UDP socket to the NAT'd port at Peer A.
9. (Tricky part, part 2.) Peer A now switches to sending UDP packets out
the *same* UDP socket to the NAT'd port at Peer B.
Those "tricky" parts are standard when using UDP.
N
Let me first apologize to everyone here except (I hope) Lynn and Tom. This
is a somewhat tedious thread for leaf-user (it might be better suited to
leaf-devel). But I think it is important to sort out why the EyeBall
service works with Dachstein (ipchains) but not Bering/Shorewall
(iptables), s
On Wednesday 12 February 2003 11:05 am, Ray Olszewski wrote:
> Yeah, this was my reasoning too (though my thinking about TCP is a bit more
> involved). And in reading between the lines a bit, I pretty much inferred
> that EyeBall uses UDP for the p2p part, and TCP only for the connection to
> the
> Tom -- Can you expand on this just a little bit more? (Or Lynn, can you?)
> This conclusion is kind of where I got to last night, but only for TCP.
> What is the equivalent of "SYN packet" detection for UDP? Or, to put it
> another way, how does iptables (or Shorewall) determine the state
> assoc
Ray Olszewski wrote:
But it still leaves unanswered one question that I really would
appreciate your (or somebody's -- Lynn?) help with:
iptables lets me specify state rules for ACCEPTing all packet types, not
just TCP. For UDP, what test does ipchains apply to a packet to classify
it as NEW
At 08:41 AM 2/12/03 -0800, Tom Eastep wrote:
Ray Olszewski wrote:
At 07:13 AM 2/12/03 -0800, Tom Eastep wrote:
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request
[...]
I just read their Magic Bullet paper and I think that it works with
Dachstein because on Dachstein (as with
Ray Olszewski wrote:
At 07:13 AM 2/12/03 -0800, Tom Eastep wrote:
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request
[...]
I just read their Magic Bullet paper and I think that it works with
Dachstein because on Dachstein (as with Seawall), the "Masquerade Port
Range" is l
At 07:13 AM 2/12/03 -0800, Tom Eastep wrote:
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request
[...]
I just read their Magic Bullet paper and I think that it works with
Dachstein because on Dachstein (as with Seawall), the "Masquerade Port
Range" is left open by the firewall. T
Sean,
Sean E. Covel wrote:
Tom,
I'm a complete iptables noob, and you are obviously an expert at this
point. Eyeball Chat does claim that it works with iptables. Is the
connection tracking table a recent addition? Can you think of what
might have to be done for it to work with iptables?
C
Tom,
I'm a complete iptables noob, and you are obviously an expert at this
point. Eyeball Chat does claim that it works with iptables. Is the
connection tracking table a recent addition? Can you think of what
might have to be done for it to work with iptables?
If they ever get back to me ab
Sean E. Covel wrote:
BTW,
I did send Eyeball Chat a help request, but since it is free software,
I'm not holding my breath.
I'm willing to pursue this just to see if this magic silver bullet they
have going actually works. Strange that they have instructions on how
to blow holes in your firewal
BTW,
I did send Eyeball Chat a help request, but since it is free software,
I'm not holding my breath.
I'm willing to pursue this just to see if this magic silver bullet they
have going actually works. Strange that they have instructions on how
to blow holes in your firewall (static patch) if th
Sean E. Covel wrote:
I'd be more than willing to help debug this. I have both the Dachstein
and Bering firewalls set up, I just switch the cables and I'm set to go.
If you want specifics of the setups, tell me what you need and I'll send
it to you.
Under Bering:
a) "shorewall reset"
b) Try to c
I'd be more than willing to help debug this. I have both the Dachstein
and Bering firewalls set up, I just switch the cables and I'm set to go.
If you want specifics of the setups, tell me what you need and I'll send
it to you.
Eyeball Chat says it does NOT use H323 (is that the correct number?)
At 07:14 PM 2/11/03 -0800, Tom Eastep wrote:
Lynn Avants wrote:
That used to be somewhat true until stateful firewalls started being used.
Before that there would have been so many problems with net-based applications
while filtering high-ports that most firewalls never gave much thought
to bl
At 08:53 PM 2/11/03 -0500, Sean wrote:
Thanks for your responses.
After spending more time on their website, I discovered their
"Any-Firewall-Whitepaper" where it states that I actually don't have a
problem since their technology works transparent to firewalls and
NAT.
Lynn, you are correct. T
Lynn Avants wrote:
That used to be somewhat true until stateful firewalls started being used.
Before that there would have been so many problems with net-based applications
while filtering high-ports that most firewalls never gave much thought
to blocking this traffic under SOHO use.
There is
On Tuesday 11 February 2003 07:53 pm, Sean wrote:
> Thanks for your responses.
>
> After spending more time on their website, I discovered their
> "Any-Firewall-Whitepaper" where it states that I actually don't have a
> problem since their technology works transparent to firewalls and
> NAT.
That
Thanks for your responses.
After spending more time on their website, I discovered their
"Any-Firewall-Whitepaper" where it states that I actually don't have a
problem since their technology works transparent to firewalls and
NAT.
Lynn, you are correct. There are some high UDP ports, but accord
, 2003 4:20 PM
To: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Bering/Shorewall vs. Dachstein
On Sunday 09 February 2003 08:58 pm, Sean wrote:
> I have been using Dachstein for a few years. I recently decided to give
> Bering a try. I use an app, EyeBall chat, to video chat to relatives.
>
On Sunday 09 February 2003 08:58 pm, Sean wrote:
> I have been using Dachstein for a few years. I recently decided to give
> Bering a try. I use an app, EyeBall chat, to video chat to relatives.
> It worked just fine under Dachstein. It is NOT working under Bering.
> It appears the app uses a nu
I have been using Dachstein for a few years. I recently decided to give
Bering a try. I use an app, EyeBall chat, to video chat to relatives.
It worked just fine under Dachstein. It is NOT working under Bering.
It appears the app uses a number of dynamic UDP and TCP connections for
the audio/vid