[prev in list] [next in list] [prev in thread] [next in thread]
List: ipfilter
Subject: Re[2]: IP Filter
From: Chris Wasser <cwasser () v-wave ! com>
Date: 1999-11-29 18:59:29
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
on 11/29/1999 3:28 AM, ark@eltex.ru wrote:
> nuqneH,
I assume this means hello?
> .BTW i don't think portrange mapping is a good solution for _this_ problem.
> It would be nice to have this feature, though, but i think writting an
> application proxy is generally better idea than using generic workarounds
> that can make your configuration insecure.
Yeah, although I was rather rash in how I went about it I was sure at
one time I had read that ipfilter supported ranged redirections such
as:
rdr [dev] inetHOST/mask portX:portY -> insideHOST portX:portY tcp/udp
The idea being that one doesn't have to write 100 redirection
directives for (as others have said) a broken Microsoft API. A proxy
such as the ftp-proxy in ipfilter is another idea, but as Darren said,
put up or shut up and since I'm no coder, I've chosen to shut up and
bide my time. :)
The stupid thing is DirectPlay doesn't even use ALL of those port
(2300-2400) it only uses a few of them but in no particular order.
It's a bad design to be sure. One of my clients plays a game called
"Rogue Spear" which doesn't use DirectPlay but all I needed to do was
redirect three ports to his workstation. Wish it was always that easy.
Here's a cool signature that aptly fits this particular thread:
"Failure is not an option, it's integrated into all Microsoft
products."
Heh, take'r easy...
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
iQA/AwUBOELNEXkOgeFubyAgEQKLcQCfXJj7K9OIaIR95Qdbj/PhPU/YeNkAoJ7r
uTUDJvB9Rqwyp9Zh6OeSW1xJ
=ypz2
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic