sunscreen, source port

From: Kapetanakis Giannis (bilias_at_edu.physics.uoc.gr)
Date: 04/22/04

    Date: Thu, 22 Apr 2004 14:05:04 +0300 (EEST)
    To: focus-sun@securityfocus.com
    
    

    I can't find a way to specify a service in sunscreen
    which is defined by the source port and not the
    destination port.

    I want to allow a connection originating from
    a specific source IP and source port.
    From what I've seen the port definition
    in 'add service' is for destination port only.

    I've tried both FORWARD and REVERSE but without any luck.
    Probably REVERSE does something else that I do not
    understand.

    Any help would be appreciated.
    thanx

    Kapetanakis Giannis

