firestarter blocking use of high ports by firefox and SSH
Jack Jackson
jackson.linux at gmail.com
Mon Aug 8 13:04:49 UTC 2005
I'm having some problems with firestarter blocking use of high ports by
firefox and SSH.
On my machine, /proc/sys/net/ipv4/ip_local_port_range starts at 32768
and 61000.
I am seeing multiple things such as (I've xxxed out my server's IP
address, but firestarter shows my server's IP address):
Time: Aug 8 08:20:06 Source: 72.224.xx.xxx Destination: 192.168.2.36 In IF: eth0 Out IF: Port: 33534 Length: 44 ToS: 0x00 Protocol: TCP Service: Traceroute
Time: Aug 8 08:21:00 Source: 72.224.xx.xxx Destination: 192.168.2.36 In IF: eth0 Out IF: Port: 33116 Length: 104 ToS: 0x00 Protocol: TCP Service: Unknown
If I allow any single one of those ports, traffic increments to the next
higher port and is then blocked again. Yet I worry about unblocking all
those ports because eventually (soon) they will be discovered by
unfriendly programs "out there".
How can I safely allow my server's IP address to use those high ports
and get traffic through Firestarter? Or outside firestarter?
I cannot create my forwarded ssh tunnels, or use certain websites (like
google) without settling this.
Thanks in advance,
JJ
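
Added example, not part of the original post: a small triage script that parses Firestarter event lines in the format quoted above and groups the blocked ports per source by whether they fall inside the machine's ip_local_port_range. A port inside that range is consistent with traffic for a connection the machine itself opened, but is not proof of it. Assumptions: the "Port" field is the destination port, the function names are hypothetical, and the third sample line is constructed.

```python
import re
from collections import defaultdict

KEYS = ["Time", "Source", "Destination", "In IF", "Out IF", "Port",
        "Length", "ToS", "Protocol", "Service"]
_K = "|".join(re.escape(k) for k in KEYS)
# A value runs until the next known key (or end of line); "Out IF" may be empty.
FIELD_RE = re.compile(rf"\b({_K}):\s*(.*?)(?=\s*\b(?:{_K}):|$)")

POST_RANGE = (32768, 61000)  # range stated in the post, used as fallback

# First two lines are the events from the post; the last one is constructed.
SAMPLE_EVENTS = """\
Time: Aug 8 08:20:06 Source: 72.224.xx.xxx Destination: 192.168.2.36 In IF: eth0 Out IF: Port: 33534 Length: 44 ToS: 0x00 Protocol: TCP Service: Traceroute
Time: Aug 8 08:21:00 Source: 72.224.xx.xxx Destination: 192.168.2.36 In IF: eth0 Out IF: Port: 33116 Length: 104 ToS: 0x00 Protocol: TCP Service: Unknown
Time: Aug 8 08:22:10 Source: 203.0.113.7 Destination: 192.168.2.36 In IF: eth0 Out IF: Port: 22 Length: 60 ToS: 0x00 Protocol: TCP Service: SSH
"""

def local_port_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Read the kernel's ephemeral port range; fall back to the post's values."""
    try:
        with open(path) as fh:
            low, high = fh.read().split()[:2]
        return int(low), int(high)
    except (OSError, ValueError):
        return POST_RANGE

def parse_event(line):
    """Split one event line into a {field: value} dict."""
    return {key: value.strip() for key, value in FIELD_RE.findall(line)}

def triage(text, port_range=POST_RANGE):
    """Group blocked ports per source: inside vs. outside the ephemeral range."""
    low, high = port_range
    result = defaultdict(lambda: {"ephemeral": [], "other": []})
    for line in text.splitlines():
        event = parse_event(line)
        if not event.get("Port", "").isdigit():
            continue  # not an event line, or port missing
        port = int(event["Port"])
        bucket = "ephemeral" if low <= port <= high else "other"
        result[event.get("Source", "?")][bucket].append(port)
    return dict(result)

if __name__ == "__main__":
    for source, ports in triage(SAMPLE_EVENTS, local_port_range()).items():
        print(source, ports)
```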