I only added my subnet mask to that line .... -s 192.168.5.0/24
Connecting is not the issue, staying connected is. For some reason there
are irregularly timed disconnects. NO way of tracing which end of the
connection (LAN/fw) they're coming from.
I don't quite understand what you're saying here.
>> >> OK - I apologize for the MSFT quip.
>> >> My iptables knowledge is not great. By stateful, do you mean if I
>> >> have the following in my firewall?:
>> > Usually stateful works like this (for non-icmp stuff):
>> >
>> >   iptables -A INPUT -i eth0 ! -p icmp -m state \
>> >     --state ESTABLISHED,RELATED -j ACCEPT
>> >   iptables -A OUTPUT -o eth0 ! -p icmp -m state \
>> >     --state NEW,ESTABLISHED,RELATED -j ACCEPT
>> >
>> > (the \ means that the next line continues the command)
>> > I.e. the generally accepted stateful setup is to allow only new
>> > connections outbound, but established (i.e. we started the connection)
>> > and related (i.e. related to something we started) are OK both incoming
>> > and outgoing.
>> By coincidence I've been trying to get MSN clients connecting to an
>> MSN server for some time now. Works flawlessly with Linux MSN clients but
>> (ahem) native MSN clients disconnect. It also reports MSNP8 instead of
>> MSNP9, truly odd.
>> What I did was install hlfl and write some really simple script, then
>> compile the rules; this in combination with reaim should have done the
>> trick. But I fumbled.
>> > What I meant was that if you're only doing that, and not filtering the
>> > ports themselves, you should be fine. Port-filtering firewalls are
>> > different than stateful firewalls. Port-filtering assumes that
>> > traffic only comes in and goes out on certain ports, so it filters based
>> > on port #. Stateful filters based on the (abstract) state of the
>> > connection, which can be better, or at least simpler, for home users. I
>> > prefer a combination of the two, but what I was asking is if you're
>> > filtering on the port or on the state.
>> > A port filtering firewall would look more like this:
>> >
>> >   # HTTP:
>> >   iptables -A INPUT -i eth0 -p tcp --sport 80 -j ACCEPT
>> >   iptables -A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
>> >   # DNS:
>> >   iptables -A INPUT -i eth0 -p udp --sport 53 -j ACCEPT
>> >   iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
>> If you plan on using reaim you can just copy the rules from the
>> documentation; they're made for NAT ...
>> >> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>> > Why are you using forward? Does this box act as a router/firewall?
>> >> because I do.
>> >> From reading some sites on the web, it would seem that I also need to
>> >> supply IGP/UPnP support for iptables, but the solutions I found seem
>> >> so complicated to install that Linus himself couldn't get them up and
>> >> running.
>> > IGMP? I don't allow that protocol at all, and I usually block it for
>> > security reasons.
>> > UPnP? I also don't use that for security reasons, and the fact that I
>> I've just downloaded linux-igd, which is the mischievous attempt at
>> getting ms-ics / upnp to linux ... since I can't get reaim/iptables to
>> do what it should.
>> > absolutely hate WinXP.
>> I am not alone then?
>> Phew, there's something about it that's just ... peculiar, too peculiar.
>> >> Any ideas?
>> > Uh, yeah, tell me what you're wanting to do with the firewall,
>> > where and how this machine is being used, and your progress so far.
>> I'm willing to post my configs, just in case. Maybe we can work this
>> issue out together?
>> Best Regards,
>> Dr. Chandra
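Added example, not part of the thread and not anyone's posted rules: a small Python model that replays a constructed packet trace through the two rule sets quoted above, the port-filtering pair (INPUT accepts --sport 80/53, OUTPUT accepts --dport 80/53) and the stateful pair (OUTPUT accepts NEW,ESTABLISHED,RELATED, INPUT accepts only ESTABLISHED,RELATED). It does not call iptables; the conntrack table is a toy set keyed on the outbound 5-tuple, and the addresses, ports and the helper names (Packet, port_filter, stateful, unsolicited_accepted, TRACE) are all assumptions made for the example. The point it shows is the one the quoted reply is making: a port filter has no memory, so an unsolicited inbound packet whose sender simply chose source port 80 or 53 is accepted, while the stateful rules drop it because no outbound flow preceded it.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One packet as seen on eth0. direction is 'out' (OUTPUT chain) or 'in' (INPUT chain)."""
    direction: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# Services the port-filtering rule set permits: (proto, port on the remote side).
ALLOWED_SERVICES = {("tcp", 80), ("udp", 53)}


def port_filter(packets):
    """Verdicts under the port-filtering rules: OUTPUT accepts --dport 80/53,
    INPUT accepts --sport 80/53, everything else hits a DROP policy.
    There is no memory of earlier packets; each is judged on its ports alone."""
    verdicts = []
    for p in packets:
        remote_port = p.dport if p.direction == "out" else p.sport
        ok = (p.proto, remote_port) in ALLOWED_SERVICES
        verdicts.append("ACCEPT" if ok else "DROP")
    return verdicts


def stateful(packets):
    """Verdicts under the stateful rules: OUTPUT accepts NEW,ESTABLISHED,RELATED,
    INPUT accepts only ESTABLISHED,RELATED. A toy set keyed on the outbound
    5-tuple stands in for the kernel conntrack table; RELATED helper flows,
    TCP flag checks and entry timeouts are deliberately not modelled."""
    conntrack = set()
    verdicts = []
    for p in packets:
        if p.direction == "out":
            # Outbound may create a NEW entry, so it is always accepted here.
            conntrack.add((p.proto, p.src, p.sport, p.dst, p.dport))
            verdicts.append("ACCEPT")
        else:
            # Inbound is accepted only as the reply to a flow we started.
            reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
            verdicts.append("ACCEPT" if reply_of in conntrack else "DROP")
    return verdicts


def unsolicited_accepted(policy, packets):
    """Indices of inbound packets the policy accepts even though no outbound
    packet of the same flow preceded them, i.e. what slips through a port filter."""
    verdicts = policy(packets)
    seen_out = set()
    leaked = []
    for i, p in enumerate(packets):
        if p.direction == "out":
            seen_out.add((p.proto, p.src, p.sport, p.dst, p.dport))
        elif verdicts[i] == "ACCEPT" and (p.proto, p.dst, p.dport, p.src, p.sport) not in seen_out:
            leaked.append(i)
    return leaked


# Constructed trace; documentation-range addresses, nothing captured from the thread.
LAN_HOST = "192.168.5.10"
WEB = "203.0.113.5"
RESOLVER = "192.168.5.1"
ATTACKER = "198.51.100.7"

TRACE = [
    Packet("out", "tcp", LAN_HOST, 40000, WEB, 80),       # 0: we open an HTTP connection
    Packet("in",  "tcp", WEB, 80, LAN_HOST, 40000),       # 1: legitimate reply
    Packet("in",  "tcp", ATTACKER, 80, LAN_HOST, 22),     # 2: unsolicited, sender chose sport 80
    Packet("out", "udp", LAN_HOST, 5353, RESOLVER, 53),   # 3: DNS query
    Packet("in",  "udp", RESOLVER, 53, LAN_HOST, 5353),   # 4: DNS answer
    Packet("in",  "udp", ATTACKER, 53, LAN_HOST, 111),    # 5: unsolicited, sender chose sport 53
    Packet("in",  "tcp", ATTACKER, 4444, LAN_HOST, 22),   # 6: unsolicited, ordinary source port
]


if __name__ == "__main__":
    for name, policy in (("port filter", port_filter), ("stateful", stateful)):
        print(f"{name:12s} {policy(TRACE)}")
        print(f"{'':12s} unsolicited inbound accepted at {unsolicited_accepted(policy, TRACE)}")
```

Running it shows packets 2 and 5 accepted by the port filter and dropped by the stateful rules; packet 6 is dropped by both, so the difference is entirely in how much the sender's choice of source port is trusted. The model is the abstract idea only: real conntrack also looks at TCP flags and times entries out, which is why a long-idle connection can be dropped by a stateful firewall even though it was opened outbound.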