openvds-devel

Re: [Openvds-devel] iptables


From: Eje Gustafsson
Subject: Re: [Openvds-devel] iptables
Date: Sun, 9 Dec 2001 22:45:49 -0600

embedded..

Sunday, December 09, 2001, 20:45:18, you wrote:

SG> From: "Eje Gustafsson" <address@hidden>

>> I have not played around with that part. I just recently started to play
>> with iptables; I was using ipchains until recently, so I'm not entirely
>> familiar with iptables. However, the chain that is being used is called
>> PREROUTING and there is something that is called POSTROUTING also, and
>> in between we have OUTPUT.
>> My understanding is that PREROUTING only affects packages that enter
>> the machine, POSTROUTING only packages that leave the firewall.
>> So to be able to alter locally generated traffic you need to alter it in
>> the OUTPUT chain (from my understanding the OUTPUT chain has been/is slightly
>> broken and not functioning as it should, so this might have been/be the reason
>> why this one was not/is not used).
>>

SG> Hmm, any ideas how we would make these rules work with the OUTPUT chain?

SG> Btw, anyone know any decent documentation for iptables? The man page is just
SG> a reference which assumes too much existing knowledge, while a couple of the
SG> HOWTOs I've looked at just deal with esoteric scenarios which don't apply to
SG> what I want to do (stuff like this port forwarding).

The best documentation I have seen so far for iptables can be found at
http://www.boingworld.com/workshops/linux/iptables-tutorial/iptables-tutorial/iptables-tutorial.html

Also, some additional pretty decent links can be found here:
http://www.linuxguruz.org/iptables/

I'm going to convert my ipchains firewall machine to an iptables
firewall here, so I should learn pretty well there. Maybe when I'm done
I can tell how we should do it ;P


>> Personally I have never seen a browser that ever used udp to connect to
>> port 80 or 443. Guess I could always set up a rule on my firewall to
>> log any usage of udp to port 80 or 443 and let it run and see if,
>> after a few days, I have any calls using udp on these ports.
>> What would happen if you didn't have the rules there in place?
>> Nothing much would be my guess; all browsers I have seen use tcp at all
>> times, so there shouldn't be any problem. If someone does something very odd or
>> weird, I guess the call would fail if the rules weren't there.
>>

SG> My thoughts exactly. I'll take them out, just to simplify things a little
SG> :-)

Nod. Totally agree there. When I first set up freevsd on my box I
looked at the rules and was wondering just the same thing you did. I
couldn't really come up with anything then either.

However, I know there is an mp3 shoutcast module for apache. Does anyone know
if this module will use port 80 udp, or how it will function?
This is the only thing I could think of that MIGHT use udp on port 80.
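
The logging experiment mentioned in the quoted text above (a firewall rule that logs any UDP to port 80 or 443, left running for a few days), sketched as an added example that is not part of the original message. The log prefix, the choice of the filter table's INPUT and FORWARD chains, and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread: log UDP to ports 80/443, then tally hits.
LOG_PREFIX="UDP-WEB: "   # assumed prefix, chosen for this example

# Print (do not apply) the LOG rules. filter/INPUT sees packets addressed to
# the firewall itself; filter/FORWARD sees packets routed through it.
udp_web_log_rules() {
    for chain in INPUT FORWARD; do
        printf 'iptables -A %s -p udp -m multiport --dports 80,443 -j LOG --log-prefix "%s"\n' \
            "$chain" "$LOG_PREFIX"
    done
}

# Read kernel log lines on stdin; print "<dport> <source> <count>" per pair.
count_udp_web_hits() {
    grep -F "$LOG_PREFIX" | awk '
        {
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            # Count only UDP to the two web ports, keyed by port and source.
            if (proto == "UDP" && (dpt == "80" || dpt == "443"))
                hits[dpt " " src]++
        }
        END { for (k in hits) print k, hits[k] }' | sort
}

# Constructed sample lines in the LOG target's format (documentation addresses).
sample_log() {
    cat <<'EOF'
Dec 10 09:01:12 fw kernel: UDP-WEB: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=4021 PROTO=UDP SPT=40112 DPT=443 LEN=28
Dec 10 09:01:13 fw kernel: eth0: link up, 100Mbps, full-duplex
Dec 10 09:04:40 fw kernel: UDP-WEB: IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=911 PROTO=UDP SPT=5353 DPT=80 LEN=40
Dec 10 09:07:02 fw kernel: UDP-WEB: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=4188 PROTO=UDP SPT=40113 DPT=443 LEN=28
EOF
}

udp_web_log_rules                  # rules to review before applying as root
sample_log | count_udp_web_hits    # tally over the constructed sample
```

On a live firewall the tally would read the kernel log instead of `sample_log`; an empty result after a few days supports dropping the UDP rules.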



