Is it possible to open ranges of ports with ipchains? MSN Messenger won't send files through my firewall and I don't want to forward all it's ports to one machine, let them send a file, then forward them all to a different machine.. I've been google searching the thing for a week now =P I can't upgrade to iptables, the mahcine is having a hard enough time doing what it is now. Little 386DX40 =) I'm not going to even attempt a kernel compile.. Just curious, thanks! Dennis Stout P.S. I knwo this is off topic from security, but what the heck, everyone else is doing it... *sigh* ----- Original Message ----- From: "Troy Billington" <doshelp@doshelp.com> To: <security-discuss@linuxsecurity.com> Sent: Sunday, March 03, 2002 6:30 AM Subject: RE: new to list, wuestion about firewalling ports over 1024 You may need a very limited number of "dynamic ports", generally speaking it would be something like 1024-5000 not all the way to 65535 that's leaving way too much room for trojans/backdoors to operate freely. If I were you, id spend time examining your services for their port requirements and allocate only those range of ports. -----Original Message----- From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com]On Behalf Of Martin Kacerovsky Sent: Sunday, March 03, 2002 9:53 AM To: security-discuss@linuxsecurity.com Subject: new to list, wuestion about firewalling ports over 1024 And here's my question (if somebody can explain me), how is it with ports over 1024? I've read it's secure to leave them open, but I thing it will be more secure to close them :) So is it possible to choose exactly these ports I really need? For example I am running sshd, ftpd, netbios-* and talkd and with iptables I accept everything on ports over 1024 and below 1024 I refuse everything with exceptions on ports 21,22,... TIA -- Regards Martin Kacerovsky, student of the Faculty of Mathematics and Physics at the Charles University in Prague, in the Czech Republic, in Europe, on Earth, in the Universe where Linux operating system rules... ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message. ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
