Re:[GnomeMeeting-list] GM 0.94 firewall security issues..
- From: "AG" <agreen bkaeg org>
- To: <gnomemeeting-list gnome org>
- Cc: <m-redlich t-online de>
- Subject: Re:[GnomeMeeting-list] GM 0.94 firewall security issues..
- Date: Mon, 23 Dec 2002 17:26:34 -0500 (EST)
>
> there are some points I don't understand.
>>
>> I noticed that GM FAQ doesn't explicityl list an IP address origin for
>> all GM/ILS server connections..
>
> How should it be possible to define all possible IP addresses? Which
> one does he mean?
AG> IIRC, The old Netmeeting pkg req'd all clients to log into a central
AG> ULS. Does GM/ILS also work in this manner? If so, I would rather set up
AG> my firewall rules to allow traffic from this IP address only.
AG> For instance, I would simply use the IP address for ils.seconix.com and
AG> only allow traffic originating from this domain.
>>
>> IOW, it appears that you just 'blindly' open the required ports -> TCP
>> ports 1720 and 30000-30010
>> UDP pors 5000:5003
>>
>
> That really depends on his needings. With ipchains you can check the
> packets for many aspects (source ip, destination ip and so on..), thus
> we have to know what he wants to allow/reject.
> He can verify packets, but how this works depends on his configuration.
> We need more information!
AG> I'm using IP chains and I typically deny all traffic that I've not
AG> explicitly added to my rules. Hopefully, my statement above will help
AG> clarify my intentions. I do not simply wish to open my LAN to the world.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]