[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re[2]: IP Filter
From:       Chris Wasser <cwasser () v-wave ! com>
Date:       1999-11-29 18:59:29
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

on 11/29/1999 3:28 AM, ark@eltex.ru wrote:
> nuqneH,

I assume this means hello?

> .BTW i don't think portrange mapping is a good solution for _this_ problem.
> It would be nice to have this feature, though, but i think writting an
> application proxy is generally better idea than using generic workarounds
> that can make your configuration insecure.

Yeah,  although I was rather rash in how I went about it I was sure at
one  time  I had read that ipfilter supported ranged redirections such
as:

rdr [dev] inetHOST/mask portX:portY -> insideHOST portX:portY tcp/udp

The  idea  being  that  one  doesn't  have  to  write  100 redirection
directives  for  (as others have said) a broken Microsoft API. A proxy
such as the ftp-proxy in ipfilter is another idea, but as Darren said,
put  up  or shut up and since I'm no coder, I've chosen to shut up and
bide my time. :)

The  stupid  thing  is  DirectPlay  doesn't even use ALL of those port
(2300-2400)  it  only  uses  a few of them but in no particular order.
It's  a  bad  design to be sure. One of my clients plays a game called
"Rogue  Spear" which doesn't use DirectPlay but all I needed to do was
redirect three ports to his workstation. Wish it was always that easy.

Here's a cool signature that aptly fits this particular thread:

"Failure  is  not  an  option,  it's  integrated  into  all  Microsoft
products."

Heh, take'r easy...

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i

iQA/AwUBOELNEXkOgeFubyAgEQKLcQCfXJj7K9OIaIR95Qdbj/PhPU/YeNkAoJ7r
uTUDJvB9Rqwyp9Zh6OeSW1xJ
=ypz2
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]