From owner-freebsd-hackers  Mon Feb 22  8:17:28 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from cerebus.nectar.com (nectar-gw.nectar.com [204.0.249.101])
	by hub.freebsd.org (Postfix) with ESMTP id C333B116ED
	for <hackers@FreeBSD.ORG>; Mon, 22 Feb 1999 08:17:14 -0800 (PST)
	(envelope-from nectar@nectar.com)
Received: (from smap@localhost)
	by cerebus.nectar.com (8.9.1/8.9.1) id KAA20766;
	Mon, 22 Feb 1999 10:17:13 -0600 (CST)
	(envelope-from nectar@nectar.com)
Received: from spawn.nectar.com(10.0.0.101) by cerebus.nectar.com via smap (V2.1)
	id xma020761; Mon, 22 Feb 99 10:17:03 -0600
Received: from spawn.nectar.com (localhost [127.0.0.1])
	by spawn.nectar.com (8.9.3/8.9.1) with ESMTP id KAA67943;
	Mon, 22 Feb 1999 10:17:03 -0600 (CST)
	(envelope-from nectar@spawn.nectar.com)
Message-Id: <199902221617.KAA67943@spawn.nectar.com>
X-Mailer: exmh version 2.0.2 2/24/98
X-Exmh-Isig-CompType: repl
X-Exmh-Isig-Folder: lists/freebsd
X-PGP-RSAfprint: 00 F9 E6 A2 C5 4D 0A 76  26 8B 8B 57 73 D0 DE EE
X-PGP-RSAkey: http://www.nectar.com/nectar-pgp262.txt
From: Jacques Vidrine <n@nectar.com>
In-reply-to: <36D12D31.1C649D7F@verinet.com> 
References: <36D12D31.1C649D7F@verinet.com>
Subject: Re: Privileged port problems 
Mime-Version: 1.0
Content-Type: text/plain
To: Allen Campbell <allenc@verinet.com>
Cc: hackers@FreeBSD.ORG
Date: Mon, 22 Feb 1999 10:17:03 -0600
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 22 February 1999 at 3:10, Allen Campbell <allenc@verinet.com> wrote:
> My ISP appears to be filtering outgoing packets for privileged
> source port numbers.  This is preventing me from accessing
> anoncvs.freebsd.org; the CVS client attempts to authenticate to
> anoncvs.freebsd.org using a privileged source port (via rsh) and the
> operation times out.  I also observe that rpcinfo as a
> non-privileged user works correctly, but fails as root because it
> then attempts to use a privileged source port.
>
> I'm fairly certain I will have no luck convincing my ISP to allow
> these connections.  No doubt they will claim it prevents their
> customers from using their system to attack other hosts.

Bah!  Complain and, if necessary, switch ISPs.  You are paying your 
ISP to route transport IP traffic.  By filtering your legitimate IP
packets, they are not living up to their part of the bargain.

Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message