Re: NTP server


 



Hugo Miguel Mendes wrote:
Dear all,

I'm running netfilter on a router operating OpenWRT Kamikaze 8.09, kernel 2.6.25.17.

I have two computers on the router LAN which are programmed to get the time from an NTP server. This NTP server has a load balancing mechanism, so the computer that responds to the NTP request is not the same one to which the request was sent. So the response is blocked by netfilter, because that connection wasn't started from the LAN. But the NTP server always keeps the same ports and always listens on port 123. So if you make the request from port 1024 to port 123 of the server, the response will come from 123 to 1024.

The load balancing mechanism for this NTP server is fucking broken. The load balancing mechanism is the one that should be fixed, not your netfilter module.

This kind of response, coming from another IP, won't be allowed by any possible firewall, which, for probably the last 6-7-8 years, are all stateful ones.



--


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it:
	gertrudes@xxxxxxxxxxxxxx
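
Why the reply described in this thread is dropped, as an added example that is not part of the original messages: a simplified Python model of stateful UDP tracking, in which a reply is ESTABLISHED only if its full 4-tuple mirrors an outbound packet. The class and function names are hypothetical, the addresses are constructed documentation values, and NAT and entry timeouts are left out.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


class UdpTracker:
    """Toy model of stateful UDP tracking, keyed on the full 4-tuple."""

    def __init__(self):
        self.expected_replies = set()

    def outbound(self, pkt: Packet) -> None:
        # Remember the exact reply we expect: addresses and ports swapped.
        self.expected_replies.add(Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def state(self, pkt: Packet) -> str:
        return "ESTABLISHED" if pkt in self.expected_replies else "NEW"


def wan_verdict(tracker: UdpTracker, pkt: Packet) -> str:
    """Usual router policy: accept replies, drop unsolicited traffic from the WAN."""
    return "ACCEPT" if tracker.state(pkt) == "ESTABLISHED" else "DROP"


def demo() -> dict:
    # Constructed sample traffic (RFC 5737 documentation addresses).
    lan_host, balancer, backend = "192.168.1.10", "192.0.2.10", "192.0.2.11"
    tracker = UdpTracker()
    tracker.outbound(Packet(lan_host, 1024, balancer, 123))  # NTP request
    return {
        # Reply from the address that was queried: mirrors the request.
        "same_ip": wan_verdict(tracker, Packet(balancer, 123, lan_host, 1024)),
        # Reply from a different machine: the ports match, the source IP does not.
        "other_ip": wan_verdict(tracker, Packet(backend, 123, lan_host, 1024)),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
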





