[NCLUG] port monitorer

dann dannf at dannf.org
Sun Feb 18 20:59:40 MST 2001 

hey,
  here are the rules provided by the "Linux Firewall Design Tool" for
allowing ICQ connections:
http://linux-firewall-tools.com/linux/firewall/index.html

you can also try logging denied packets & watch the logs while you use
your icq client.

    # ICQ server (4000)
    # -----------------
    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp  \
             -s any/0 $UNPRIVPORTS \
             -d $IPADDR 2000:4000 -j ACCEPT 

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
             -s $IPADDR 2000:4000 \
             -d any/0 $UNPRIVPORTS -j ACCEPT 

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp  \
             -s any/0 $UNPRIVPORTS \
             -d $IPADDR 4000 -j ACCEPT 

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp  \
             -s $IPADDR 4000 \
             -d any/0 $UNPRIVPORTS -j ACCEPT 


    # ICQ client (4000)
    # -----------------
    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp  \
             -s $IPADDR $UNPRIVPORTS \
             --destination-port 2000:4000 -j ACCEPT 

    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
             --source-port 2000:4000 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT 

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp  \
             -s $IPADDR $UNPRIVPORTS \
             --destination-port 4000 -j ACCEPT 

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp  \
             --source-port 4000 \
             -d $IPADDR $UNPRIVPORTS -j ACCEPT

"Mark C. Smith" wrote:
> 
> Greetings,
> My firewall is blocking a needed port for running icq, and I'm having
> a hard time finding it.  I realize icq is *supposed* to use
> 2000-2020 tcp and 4000 udp, but those are open and it's still not
> working unless I open everything.
> Do you guys know of a tool that will tell me which ports are being
> used so that I can run it w/ icq and see what icq's doing?
> Muchas gracias.
> 
> Mark
> 
> *---------------------------------------------------------------------------*
> Mark c. Smith                            Markcs at CS.ColoState.EDU
> Dept. Computer Science                   http://WWW.CS.ColoState.EDU/~markcs
> Colorado State University                (970)491-5305 (work)
> *---------------------------------------------------------------------------*
> 
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug

-- 

dannf at dannf.org

More information about the NCLUG mailing list