Re: solaris rshd question
From: David Mathog (mathog_at_caltech.edu)
Date: 03/22/05
- Next message: Hans Werner Strube: "Restrict DHCP replies?"
- Previous message: jk: "Re: Apache 2.0.5* Problem on Solaris 8"
- In reply to: Barry Margolin: "Re: solaris rshd question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 22 Mar 2005 08:43:36 -0800
Barry Margolin wrote:
> In article <d1nnfd$e4a$1@naig.caltech.edu>,
> David Mathog <mathog@caltech.edu> wrote:
>
>
>>Has anybody ever solved this before? It looks like it might
>>be necessary to modify rsh so that it can tell the firewall
>>to open the second port.
>
>
> The firewall should scan rsh packets to see where the second port number
> is sent to the server, so that it can open the port. This is analogous
> to the way firewalls monitor FTP control connections, looking for the
> "PORT" command that tells the server to open a data connection back to
> the client.

That was a good clue. After some googling it turns out this
is called "connection tracking" in iptables parlance. For it
to work a matching iptables module must exist. In this case it's

CONFIG_IP_NF_RSH

Unfortunately this option doesn't exist in 2.6.8-1, which is
the kernel version I'm using. It's apparently in 2.6.11. Not
sure when it was added or if the code is backwards compatible
with earlier kernels.

Thanks,
David Mathog
mathog@caltech.edu
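
The scan Barry Margolin describes, as an added user-space example (not part of the original posts and not the kernel's rsh helper code): in the BSD rcmd protocol the first field the client sends on the 514/tcp connection is the stderr port as ASCII decimal digits terminated by a NUL, and the server then connects back to that port. The function names, the return codes and the rule that only a reserved port (below 1024) earns a pinhole are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical return codes for this example. */
enum { RSH_NEED_MORE = -1, RSH_INVALID = -2 };

/*
 * Inspect the first client-to-server bytes of an rsh session.
 * Returns the announced stderr port (0 = client wants no second
 * connection), RSH_NEED_MORE if the terminating NUL has not arrived
 * yet, or RSH_INVALID if the field is not a decimal port number.
 */
int rsh_stderr_port(const unsigned char *buf, size_t len)
{
    long port = 0;
    size_t i;

    for (i = 0; i < len; i++) {
        if (buf[i] == '\0')
            return (int)port;           /* empty field yields 0 */
        if (i >= 5 || buf[i] < '0' || buf[i] > '9')
            return RSH_INVALID;         /* too long or not a digit */
        port = port * 10 + (buf[i] - '0');
        if (port > 65535)
            return RSH_INVALID;
    }
    return RSH_NEED_MORE;
}

/*
 * Assumed policy: expect the server's connection back to the client
 * only when the announced port is a non-zero reserved port.
 */
int rsh_pinhole_ok(int port)
{
    return port > 0 && port < 1024;
}

int main(void)
{
    /* Constructed sample: port, local user, remote user, command. */
    static const unsigned char hello[] = "1022\0alice\0alice\0uptime";
    int port = rsh_stderr_port(hello, sizeof(hello));

    printf("announced stderr port: %d, open pinhole: %s\n",
           port, rsh_pinhole_ok(port) ? "yes" : "no");
    return 0;
}
```

A real helper would also bind the expectation to the two addresses of the control connection and expire it once the server has connected back.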