Gentoo Forums
iptable explanation (SOLVED)
Forum: Networking & Security
JC99 (l33t)
Joined: 06 Aug 2003
Posts: 782
Location: Toronto

Posted: Mon Jan 25, 2010 7:05 am    Post subject: iptable explanation (SOLVED)

Hello everyone,

Can someone explain to me what this iptable rule does...

Quote:
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 6277 -j ACCEPT


...the DCC spamassassin docs say I need to use it but I was just wondering exactly what it does?


Last edited by JC99 on Mon Jan 25, 2010 7:32 pm; edited 1 time in total
ashtophet (Guru)
Joined: 08 Aug 2004
Posts: 396
Location: Galiza

Posted: Mon Jan 25, 2010 7:41 am

As the wiki article you pointed to implies, it just allows (-j ACCEPT) incoming (-A INPUT) UDP traffic from the DCC port (-p udp --sport 6277) to the local machine (--dport 1024:65535).

man iptables

http://www.yourwebexperts.com/viewforum.php?f=35
_________________
O coração, se pudesse pensar, pararia. Fernando Pessoa
If heart could think, it would stop
cach0rr0 (Bodhisattva)
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Mon Jan 25, 2010 7:58 am    Post subject: Re: iptable explanation

EvilEye wrote:
Hello everyone,

Can someone explain to me what this iptable rule does...

Quote:
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 6277 -j ACCEPT


...the DCC spamassassin docs say I need to use it but I was just wondering exactly what it does?


In general, when a client connects to a server, the client opens a random high-numbered source port and connects to a fixed port on the server; this rule is put in place so that the reply from the DCC servers, which will be sent from port 6277 to 1024-65535 (or whichever random port your client opens), will be accepted.

The traffic looks something like this:

eth0:12345 ===request===> dcc0:6277
eth0:12345 <==response=== dcc0:6277

Where 12345 is the random port your client has chosen as its source port. It will change on every request, so they suggest exempting all non-reserved ports.

In the case of the client request, the destination port will be 6277
In the case of the server response, the source port will be 6277

No different than an HTTP request where it goes eth0:<randomport> ====> blah0:80 ====> eth0:<samerandomport>

They tell you to add this rule under the assumption that you allow all outbound traffic, but allow NO inbound traffic regardless of whether or not the inbound traffic is merely a response to a request you've made.

Rather, think of a scenario where your firewall allowed a client to make a request to a web server, but blocked the inbound response FROM the web server. It is such a situation this rule is trying to account for.

You may or may not need this rule, depending on your setup.

Usually people will have an iptables rule that looks something like:

Code:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT


If you have such a rule, this should be sufficient and you need not add an explicit rule for DCC. I know my DCC has been working for some time at least without an explicit rule.

Unless someone else comes in and points out some glaring error I missed, the aforementioned should be fine; but I'm open to learning something new.
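The difference between the two rules in the post above (the stateless `--sport 6277` rule versus the `--state RELATED,ESTABLISHED` rule) is easiest to see by running both against the same packets. The following is an added example written for this page, not code from the thread or from the DCC or SpamAssassin projects: it is a toy model of INPUT filtering with a simplified connection tracker (ESTABLISHED only, no timeouts, no RELATED helpers), a default policy assumed to be DROP, and constructed documentation-range addresses. The "stranger" packet that simply sets its own source port to 6277 is the case the thread does not spell out.

```python
# Added example (not from the thread): a toy model of the two INPUT rules
# discussed above. Addresses and port numbers below are constructed.

DCC_PORT = 6277


def make_packet(proto, src, sport, dst, dport):
    """A packet reduced to the 5-tuple that iptables matches on."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


def explicit_dcc_rule(pkt, conntrack):
    """iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 6277 -j ACCEPT

    Stateless: any UDP packet that claims source port 6277 and targets an
    unprivileged port matches, whether or not we ever sent anything."""
    return (pkt["proto"] == "udp"
            and pkt["sport"] == DCC_PORT
            and 1024 <= pkt["dport"] <= 65535)


def established_rule(pkt, conntrack):
    """iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    Simplified to ESTABLISHED only: an inbound packet matches when the
    tracker has seen an outbound packet whose 5-tuple this one reverses."""
    reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    return reverse in conntrack


def send(pkt, conntrack):
    """Local host sends a packet (outbound allowed); the tracker records the flow."""
    conntrack.add((pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))


def filter_input(pkt, rules, conntrack):
    """First matching rule wins; the chain's default policy is assumed to be DROP."""
    for rule in rules:
        if rule(pkt, conntrack):
            return "ACCEPT"
    return "DROP"


def demo():
    """Run three inbound packets through each rule in isolation."""
    local, dcc_server, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.7"  # constructed
    client_port = 12345  # the random high port from the diagram in the post above
    results = {}
    for name, rule in (("explicit", explicit_dcc_rule), ("established", established_rule)):
        conntrack = set()
        # 1. The DCC request goes out, then the genuine reply comes back.
        send(make_packet("udp", local, client_port, dcc_server, DCC_PORT), conntrack)
        reply = make_packet("udp", dcc_server, DCC_PORT, local, client_port)
        # 2. An unsolicited packet from elsewhere that merely sets its source
        #    port to 6277, aimed at some other local UDP listener (5353 here).
        spoofed = make_packet("udp", stranger, DCC_PORT, local, 5353)
        # 3. An unsolicited packet with an ordinary source port.
        other = make_packet("udp", stranger, 40000, local, 5353)
        results[name] = {
            "reply": filter_input(reply, [rule], conntrack),
            "unsolicited_sport_6277": filter_input(spoofed, [rule], conntrack),
            "unsolicited_other": filter_input(other, [rule], conntrack),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Both rules accept the real DCC reply, but only the explicit rule also accepts the third-party packet with a forged source port of 6277. A source port is chosen by whoever sends the packet, so `--sport 6277 --dport 1024:65535` is effectively an open door to every UDP service listening on an unprivileged port, which is why the thread's conclusion (prefer the state rule when you have it) is the right one. The one thing the toy tracker does not model is expiry: real conntrack UDP entries time out, so a reply arriving long after the request would be dropped by the state rule, which is the narrow case the explicit rule covers.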
JC99 (l33t)
Joined: 06 Aug 2003
Posts: 782
Location: Toronto

Posted: Mon Jan 25, 2010 7:31 pm

cach0rr0, I do have that rule you mentioned so I won't use the DCC one.

Thanks for the explanations.