Diff: FirewallNotes

Differences between current version and predecessor to the previous major change of FirewallNotes.


Newer page: version 26 Last edited on Friday, July 7, 2006 2:13:55 pm by CraigBox
Older page: version 25 Last edited on Friday, April 22, 2005 11:48:44 am by JohnMcPherson
@@ -90,10 +90,20 @@
 Alternatively, you can go with the ''Don't fix good science to work with a bad implementation'', or manually add rules allowing access to the NZ Herald [IP]s. 
 Also, it should be noted that some home routers don't seem to like [ECN]s either. If you're having problems accessing the InterNet with a home [ADSL] router, and tcpdump(8) output is mentioning packets with [SWE], try turning [ECN]s off as seen in the [ECN] page. 
+!!! Multiple people behind a firewall can't make PPTP connections simultaneously  
 Have a [NAT] FireWall that only allows one person behind it to make a [VPN] connection at once? See [PPTPConnectionTracking] 
+!!! Run non-root processes on ports below 1024  
+If you want to be able to run a process that responds to requests on a [Port] below 1024 without running it as the SuperUser, a simple approach is to have it bind to some port above 1024, then configure a lower layer in the NetworkStack to do the legwork. On [Linux], a convenient way to achieve this is by using iptables(8):  
+iptables --table nat -A PREROUTING -p tcp --dport <i>$external_port</i> -i eth0 -j REDIRECT --to-ports <i>$local_port</i>  
+This way, you could have a process bind to port 8080 locally, but have it appear to outsiders as though it was listening on port 80.  
 Part of CategoryNetworking and CategorySecurity
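Review bot: the PREROUTING REDIRECT rule in the new "Run non-root processes on ports below 1024" section does not stop outsiders from reaching `$local_port` directly, since the daemon is still listening on 8080 on every address (it cannot bind only to 127.0.0.1, because REDIRECT rewrites the destination to the primary address of the incoming interface, not to loopback); the section should say that the high port needs its own filter-table rule, e.g. `iptables -A INPUT -i eth0 -p tcp --dport $local_port -j REJECT`, or that the daemon's own access control must cover it. Two smaller points on the same hunk: connections originating on the host itself never pass through PREROUTING, so a local test against port 80 will not be redirected unless a matching rule is added to the nat OUTPUT chain (`iptables -t nat -A OUTPUT -o lo -p tcp --dport $external_port -j REDIRECT --to-ports $local_port`), which is worth a sentence so readers do not conclude the rule is broken; and the command line carries HTML italic tags around the placeholders (`<i>$external_port</i>`, `<i>$local_port</i>`), which will be copied along with the command, so the placeholders should be plain text or use the wiki's own italic markup outside the command.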