Differences between version 26 and previous revision of FirewallNotes.
Newer page: | version 26 | Last edited on Friday, July 7, 2006 2:13:55 pm | by CraigBox |
Older page: | version 25 | Last edited on Friday, April 22, 2005 11:48:44 am | by JohnMcPherson |
@@ -90,10 +90,20 @@
Alternatively, you can go with the ''Don't fix good science to work with a bad implementation'', or manually add rules allowing access to the NZ Herald [IP]s.
Also, it should be noted that some home routers don't seem to like [ECN]s either. If you're having problems accessing the InterNet with a home [ADSL] router, and tcpdump(8) output is mentioning packets with [SWE], try turning [ECN]s off as seen in the [ECN] page.
------
+!!! Multiple people behind a firewall can't make PPTP connections simultaneously
Have a [NAT] FireWall that only allows one person behind it to make a [VPN] connection at once? See [PPTPConnectionTracking]
+
+!!! Run non-root processes on ports below 1024
+
+If you want to be able to run a process that responds to requests on a [Port] below 1024 without running it as the SuperUser, a simple approach is to have it bind to some port above 1024, then configure a lower layer in the NetworkStack to do the legwork. On [Linux], a convenient way to achieve this is by using iptables(8):
+
+<pre>
+iptables --table nat -A PREROUTING -p tcp --dport <i>$external_port</i> -i eth0 -j REDIRECT --to-ports <i>$local_port</i>
+</pre>
+
+This way, you could have a process bind to port 8080 locally, but have it appear to outsiders as though it was listening on port 80.
----
Part of CategoryNetworking and CategorySecurity
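
Review bot: The new "Run non-root processes on ports below 1024" section presents the REDIRECT rule without stating what it gives up. Any local user can bind a port above 1024, so if the intended process is not running, another unprivileged process can bind $local_port and receive the traffic sent to $external_port; please add a sentence saying so. The rule is also in the nat PREROUTING chain with "-i eth0", so it only applies to packets arriving on eth0: connections made from the machine itself to $external_port are not redirected (that needs a matching rule in the nat OUTPUT chain), and the closing sentence about port 8080 appearing as port 80 "to outsiders" should mention that 8080 itself is still reachable directly unless something else blocks it. Finally, eth0 is hard-coded while the two ports are placeholders; mark the interface as a placeholder too.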