Re: (ASCEND) Secure Access Firewall,

To: "Phillip Grasso" <phillip@1earth.net>, "Bill Wilson" <fluffy@KeyserSoze.snurgle.org>, <ascend-users@bungi.com>
Subject: Re: (ASCEND) Secure Access Firewall,
From: "Leon McCalla" <ascend@caribbeanlink.com>
Date: Wed, 3 Dec 1997 09:37:44 -0500
Sender: owner-ascend-users@max.bungi.com

1) you can allow ranges, eg 1024-65535

2) by typing "netstat -an" from a dos prompt, you can see which ports are in
use or waiting for data whil quake is running. Actually the best way is to
start the windows syslog program and set the cracking prevention to verbose
log. it will log all trapped packets.

NB: remember to allow syslog packets if you are going to run the syslog
deamon. failure to do so will put your pipeline in an endless loop. ie it
will try to log each failed log attempt and eat the CPU.

3) if quake uses TCP ports you can solve all your problems by opening an
incoming TCP profile that allows ports 1024-65535. that will allow quake to
listen to incoming data.

Leon McCalla
Netrox Networking Services
leon@netrox.net
-----Original Message-----

>G'day
>The secure access firewall doesn't allow you to allow ranges. You must
>specify the Protocol & port. download it and have a look, it's a windows
>GUI.
>
>Bill Wilson wrote:
>
>> Best bet is to allow the well-known connection ports, then watch the
>> traffic to see what happens.  Maybe start by allowing all ports
>> 1024<x<5000 and see if they tend to get used.  You might be able to
>> trim
>> the range a bit if it's important.
>>
>> In general, making firewalls work with quake means that you have to
>> abandon either quake, or the "deny all except what I specifically
>> allow"
>> policy.  Instead you have to pretty much allow such a wide range of
>> ports
>> that you're really getting into an "allow all but what I specifically
>> deny" policy.  Which if you ask me is perfectly good.  :)  Me
>> personally,
>> I filter out NFS, NIS, radius, and that's about it.  I'm not a big
>> firewall fan... :)
>
>
>
>++ Ascend Users Mailing List ++
>To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd: <http://www.nealis.net/ascend/faq>

BEGIN:VCARD
N:McCalla;Leon
FN:Leon McCalla
ORG:Netrox;Network
TITLE:Network Engineer
TEL;WORK;VOICE:305-374-3031
TEL;PAGER;VOICE:305-738-0326
TEL;WORK;FAX:305-358-4114
ADR;WORK;ENCODING=QUOTED-PRINTABLE:;;100 South Biscayne Blvd=0D=0ASuite 1201;Miami;FL;33131;USA
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:100 South Biscayne Blvd=0D=0ASuite 1201=0D=0AMiami, FL 33131=0D=0AUSA
URL:http://www.netrox.net
EMAIL;PREF;INTERNET:leon@netrox.net
END:VCARD

Prev by Date: (ASCEND) Max 1600 - unenhanced HDLC channel maximum?
Next by Date: Re: (ASCEND) AMI to B8ZS conversion?
Prev by thread: Re: (ASCEND) Secure Access Firewall,
Next by thread: (ASCEND) Death of the Incremental releases?
Index(es):
- Main
- Thread