[Firehol-support] whats the deal with sourceport
Costa Tsaousis
costa at tsaousis.gr
Sun Oct 9 09:31:49 BST 2005
Redeeman wrote:
>Hello, I was wondering, why are some connections blocked because of the
>source port being incorrect? Should it matter what source port stuff
>comes from?
Of course. FireHOL checks the source ports too.
>It's because I tried to make my own NFS service, and found that it didn't
>work because of the source port. This fixed it though:
>
>server_redeenfs_ports="udp/32767 tcp/32767 udp/4001 tcp/4001 udp/2049 tcp/2049"
>client_redeenfs_ports="500:65535"
>
>But isn't it a bit ugly having such a wide range in the firewall?
The client port range is quite wide for most services.
>Another question:
>
>This source port is only accepted on the NFS service then, right? So it
>doesn't just allow access to any of the services from that source port
>(if service is accepted)?
server_x_ports and client_x_ports go as a pair. They don't interfere
with other services.
Costa
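
Added example (not part of the original message and not FireHOL's own code): a simplified shell model of the pairing described above, in which the client port range is only ever matched together with the same service's server ports. The function names and the ACCEPT / NO MATCH labels are assumptions made for illustration.

```shell
# Added illustration, not FireHOL's rule generator: a simplified model of how
# a server_/client_ port pair is matched.

# Values copied from the service definition quoted in the thread.
server_redeenfs_ports="udp/32767 tcp/32767 udp/4001 tcp/4001 udp/2049 tcp/2049"
client_redeenfs_ports="500:65535"

# expand_service SERVER_PORTS CLIENT_PORTS
# Print the request and reply match for every server port / client range pair.
expand_service() {
    for sp in $1; do
        for cp in $2; do
            echo "request: -p ${sp%%/*} --sport $cp --dport ${sp#*/}"
            echo "reply:   -p ${sp%%/*} --sport ${sp#*/} --dport $cp"
        done
    done
}

# in_range PORT RANGE: true if PORT is inside "lo:hi" (or equals a single port).
in_range() {
    lo=${2%%:*}
    hi=${2##*:}
    [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]
}

# request_allowed PROTO SPORT DPORT SERVER_PORTS CLIENT_PORTS
# True only if DPORT is one of the service's server ports for PROTO and
# SPORT is inside the service's client ports.
request_allowed() {
    for sp in $4; do
        [ "${sp%%/*}" = "$1" ] || continue
        in_range "$3" "${sp#*/}" || continue
        for cp in $5; do
            if in_range "$2" "$cp"; then return 0; fi
        done
    done
    return 1
}

# verdict PROTO SPORT DPORT: print ACCEPT or NO MATCH for the redeenfs service.
verdict() {
    if request_allowed "$1" "$2" "$3" "$server_redeenfs_ports" "$client_redeenfs_ports"
    then echo "ACCEPT"; else echo "NO MATCH"; fi
}

expand_service "$server_redeenfs_ports" "$client_redeenfs_ports"
echo "tcp 800 -> 2049: $(verdict tcp 800 2049)"   # low client port, NFS port
echo "tcp 300 -> 2049: $(verdict tcp 300 2049)"   # source port below 500
echo "tcp 800 -> 22:   $(verdict tcp 800 22)"     # not a redeenfs server port
```

A packet reported as NO MATCH is not necessarily dropped; it simply falls through to whatever other services and policy the firewall defines.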