search for: 33434

I have a shorewall 2.0.14 running on a single interface machine (nwww in the log below) that is attempting to be well screwed down. The policy file reads:- #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST fw net DROP info net all DROP info # The FOLLOWING POLICY MUST BE LAST all all

...tting up a firewall on CENTOS 4.4. > > > > > > I have enabled ICMP to www.google.com > > > > iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT > > iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT > > traceroute uses by default UDP with port 33434. While this is true for a starting point, this is not the whole story. Traceroute starts on this port but every time it sends out a packet the port number is increased automatically. Why? Simple, the TTL is exceeded so traceroute sends out on the next port in numerical order. Thus traceroute n...

Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" From reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this instead:

...ed up 2.0.14. I didn''t realize that I had merged a change from 2.2.0 but hadn''t tested it. http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.15 1. The range of ports opened by the AllowTrcrt action has been expanded to 33434:33524 to allow for a maximum of 30 hops. 2. Code mis-ported from 2.2.0 in release 2.0.14 caused the following error during "shorewall start" where SYN rate-limiting is present in /etc/shorewall/policy: Bad argument `DROP'' Try `iptables -h'' or ''...

...>> add count icmp from any to any icmptypes 8 in >Nope. >> # Allow pings, ping replies, and host unreach: >> add allow icmp from any to any icmptypes 0,8,3 >Nope. >> # Allow UDP traceroutes: >> add allow udp from any to any 33434-34458 in >> add allow udp from any 33434-34458 to any out >Nope. >> # Allow DNS with name server >> add allow udp from any to any domain out >> add allow udp from any domain to any in >Nope. >> # SSH >> # No...

I'm not a master of the internet RFCs, but I do believe icmp messages have different types. Now to enable traceroute for IPFW, I might put in a rule like this: ipfw add pass icmp from any to me However, how would I make a rule to limit icmp messages to just those used by traceroute? Can the messages be distinguished as such? A dynamic rule that exists only for the duration of a traceroute

...>> > >> add allow icmp from any to any icmptypes 0,8,3 >> > > >> >>Add icmptype 11 as well if you want traceroutes to work .. >> >> > >> # Allow UDP traceroutes: >> > >> add allow udp from any to any 33434-34458 in >> > >> add allow udp from any 33434-34458 to any out >> > > >> >>Ok, though udp rules are often better done statefully. See below. >> >> > >> # Allow DNS with name server >> > >> add allow...

Hi, I am setting up a firewall on CENTOS 4.4. I have done default block iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP I have enabled ICMP to www.google.com iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT Ping works fine as below [root at firebox rc.d]# ping 64.233.189.104 PING 64.233.189.104 (

...from the list, listed as port number ordered by total number of hits: DPT=3343 8859 DPT=23 7872 DPT=3344 5984 DPT=6 4925 DPT=68 4291 DPT=9 2625 DPT=3291 2524 DPT=32915 2523 DPT=143 2467 DPT=1433 2377 DPT=445 2037 DPT=33441 1544 DPT=33442 1522 DPT=33440 1511 DPT=33434 1511 DPT=33435 1487 DPT=33436 1486 DPT=33437 1476 DPT=33439 1458 DPT=33438 1439 DPT=80 1068 DPT=33443 1060 DPT=5060 948 Some of those are ports I've never been aware of, such as 3343, which /etc/services lists as "ms-cluster-net". Obviously something on MS systems, and a...

...some reworking as I created another TableGen identity. Its attached. If you can wait a week (as I am on another project at the moment) I will be able to do that. Aaron -------------- next part -------------- A non-text attachment was scrubbed... Name: MASM.tar.gz Type: application/x-gzip Size: 33434 bytes Desc: not available URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20060502/b42b5420/attachment.bin>

Ok, less talk and more action. I just implemented proper Microsoft ML/MASM support. It probably has a few rough edges, so if anyone wants to try it out please do and let me know if you encounter any problems. Note that you cannot take a bytecode file created by llvm-gcc on Unix, move it to Windows, translate it to Intel syntax assembler, assemble it with ML and expect it to work.

I recently moved a web site from an old Windows NT machine running Apache to a server running CentOS 4.1. Everything is working fine on the site except for one perl script. I have the standard directory setup: /var/www/html /var/www/cgi-bin etc We had to change our scripts when we moved them because they had windows paths. We have a problem with one script called: contactp.pl It's located

...y]: " --log-level 7 -A FORWARD -i eth1 -o wlan0 -j LOG --log-prefix "IP[FWD-Reply]: " --log-level 7 # Only pings with restricted icmp are allowed -A INPUT -i eth1 -p icmp -j ALLOWED-ICMP # Enable TRACEroute to me -I INPUT -i eth1 -p udp -d 192.168.0.127 --sport 32769:65535 --dport 33434:33523 -j ACCEPT # Enable SSH to me -I INPUT -i eth1 -p tcp -d 192.168.0.127 --dport 22 -j ACCEPT # Log all other -A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7 -A FORWARD -j LOG --log-prefix "IP[FWD]: " --log-level 7 -A OUTPUT -j LOG --log-prefix "IP[OUT]: "...

...------------ next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20050712/2bf639a9/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: MASM.tar.gz Type: application/x-gzip Size: 33434 bytes Desc: not available URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20050712/2bf639a9/attachment.bin>

I''m having a problem with the Shorewall firewall and CUPS printing interfering with each other. My Linux firewall machine is acting as both a CUPS server and client for all of my tests. Shorewall 2.0.13 CUPS 1.1.22-2 Linux kernel 2.6.9 CUPS was working fine to print to my Epson C84 (network connected via a Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I

Chris Lattner wrote: > On Mon, 1 May 2006, Jeff Cohen wrote: >> Chris Lattner wrote: >>> On Mon, 1 May 2006, Ralph Corderoy wrote: >>>> NASM might be the nicer target since it's GNU LGPL and runs on >>>> multiple >>>> OS. Its home page is broken at the moment, but the manual pages work. >>>> >>>>

How do I allow traceroute to reach my server? Pings work fine but traceroute stops at the last hop before my server. If I shut off the firewall it reaches it fine. PING danicar.net (24.222.246.120): 56 data bytes 64 bytes from 24.222.246.120: icmp_seq=0 ttl=237 time=104.0 ms 64 bytes from 24.222.246.120: icmp_seq=1 ttl=237 time=74.9 ms 64 bytes from 24.222.246.120: icmp_seq=2 ttl=237 time=90.6

...* 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,25,465,53,22,873,443,993,21,110 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:33434:33524 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain net2ursa (2 references) pkts bytes target prot opt in out source destination...

Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin. __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools

Hello. I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!! Three year ago, I wrote some script (network related) and worked very well. Now, I can put into init.d by means of chkconfig and I restarted the system, but always hang when executing my srcipt (in my new centos 4.4). There a manual for making scripts for init.d? there is some new requirement by which it does not