On Wed, Apr 05, 2000 at 12:56:04AM -0000, John Conover wrote:
> Do these require a socket from the client to the server that I have
> overlooked?
Not that I know of.
> I just have 23 and 1023 listed in the FW rules. Is there another?
??? 23 is telnet and 1023 is an unnamed reserved port. If you're opening up
1023 for SSH, then you should be aware that SSH will try 1023, then 1022,
then ... (I assume you meant 22 and 1023 BTW)
A standard solution is to make sure TCP responses (i.e., responses w/
the ACK or RST bits set) are allowed through ports 1024-65535. Then w/
SSH, use the -P or "UsePrivilegedPort no" option. You only have to allow
through port 22 incoming if you want people to be able to access your SSH
server.
--
Randomly Generated Tagline:
"Are [Linux users] lemmings collectively jumping off of the cliff of
reliable, well-engineered commercial software?"
(By Matt Welsh)
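
The filtering rule described in the reply above, modelled as an added example (not part of the original message): a stateless inbound filter that accepts ACK/RST segments on ports 1024-65535, showing why replies to an SSH client bound to 1023 or 1022 are dropped while replies to an unprivileged source port pass. The `Packet` class, function names and sample packets are constructed for illustration.

```python
from dataclasses import dataclass

# TCP flag bits as they appear in the TCP header.
SYN, RST, ACK = 0x02, 0x04, 0x10

@dataclass(frozen=True)
class Packet:
    """An inbound TCP segment as a stateless filter sees it."""
    src_port: int
    dst_port: int
    flags: int

def allow_inbound(pkt: Packet, serve_ssh: bool = False) -> bool:
    """Stateless inbound policy from the message above (hypothetical model).

    1. Segments with ACK or RST set are accepted on local ports 1024-65535
       (replies to connections the inside host opened).
    2. Port 22 is accepted only when an SSH server is offered to outsiders.
    Everything else is dropped.
    """
    if 1024 <= pkt.dst_port <= 65535 and pkt.flags & (ACK | RST):
        return True
    if serve_ssh and pkt.dst_port == 22:
        return True
    return False

def ssh_reply(client_port: int) -> Packet:
    """SYN+ACK a remote sshd (port 22) sends back to our client port."""
    return Packet(src_port=22, dst_port=client_port, flags=SYN | ACK)

# Constructed sample traffic, not captured from a real network.
SAMPLES = {
    "reply to privileged client port 1023": ssh_reply(1023),
    "reply to privileged client port 1022": ssh_reply(1022),
    "reply to unprivileged client port 40000": ssh_reply(40000),
    "unsolicited SYN to high port 40000": Packet(51000, 40000, SYN),
    "RST to high port 40000": Packet(22, 40000, RST),
    "new connection to local sshd": Packet(51000, 22, SYN),
}

def evaluate(serve_ssh: bool = False) -> dict:
    """Return {description: 'ACCEPT' | 'DROP'} for every sample packet."""
    return {name: "ACCEPT" if allow_inbound(p, serve_ssh) else "DROP"
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{verdict:6} {name}")
```

A stateless ACK/RST rule accepts any segment with ACK set, whether or not it belongs to a connection the inside host opened; a stateful filter that tracks connections closes that gap.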