From: "Dan Sheffner" <dsheffner@gmail.com>
To: gentoo-user@lists.gentoo.org, benno.schulenberg@gmail.com
Date: Sat, 18 Mar 2006 18:19:49 -0600
Subject: Re: [gentoo-user] emerge --sync and iptables
Message-ID: <bfe179c00603181619i320fcde8ib5d6434e4bf395a4@mail.gmail.com>
In-Reply-To: <200603182139.15764.benno.schulenberg@gmail.com>

So port 873 is going out? My default policy for OUTPUT is accept with no rules.
Which port should I accept as the INPUT?

On 3/18/06, Benno Schulenberg <benno.schulenberg@gmail.com> wrote:
>
> Dan Sheffner wrote:
> > iptables -A INPUT -i eth0 -p tcp -d $ip --dport 443 -j ACCEPT
> > iptables -A INPUT -i eth0 -p tcp -s 10.1.10.0/24 -d $ip
> > --dport 22 -j ACCEPT
>
> These two are incoming, so --dport is correct.
>
> > iptables -A INPUT -i eth0 -p tcp -s 10.1.10.37 -d $ip
> > --dport 873 -j ACCEPT
>
> Rsync is outgoing, toward port 873, so the answer is coming back
> from that port: --sport.
>
> Benno
> --
> gentoo-user@gentoo.org mailing list

--
gentoo-user@gentoo.org mailing list
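
The --dport versus --sport point from the reply above, as an added example that is not part of the original thread: the rule as posted, the --sport correction, and a tighter variant that goes beyond what the thread proposes by also requiring connection-tracking state. The function names and the address 192.0.2.10 are assumptions made for illustration; each function only prints its rule so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example, not from the thread. Each function prints one iptables
# command for review; nothing is applied to the running firewall.

# As posted: on INPUT, --dport 873 matches traffic arriving AT local port 873,
# which is what an rsync daemon on this host would need. Replies to an
# outgoing "emerge --sync" arrive at an ephemeral local port and never match.
rule_as_posted() {
    echo iptables -A INPUT -i eth0 -p tcp -s 10.1.10.37 -d "$1" --dport 873 -j ACCEPT
}

# Correction from the reply: the server answers FROM port 873, so the
# INPUT rule has to match on the source port.
rule_sport() {
    echo iptables -A INPUT -i eth0 -p tcp -s 10.1.10.37 -d "$1" --sport 873 -j ACCEPT
}

# Tighter variant (assumption: the conntrack match is available in the kernel).
# --sport alone accepts every TCP segment from that host with source port 873,
# whatever local port it targets. Requiring ESTABLISHED limits the rule to
# replies on connections this machine opened itself.
rule_sport_established() {
    echo iptables -A INPUT -i eth0 -p tcp -s 10.1.10.37 -d "$1" --sport 873 \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

# Dry run: print all three for comparison. 192.0.2.10 is a constructed
# documentation address standing in for $ip from the thread.
ip="${1:-192.0.2.10}"
rule_as_posted "$ip"
rule_sport "$ip"
rule_sport_established "$ip"
```

With the OUTPUT policy left at ACCEPT, as described in the message, only the INPUT side needs a rule for the sync to complete.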