Date: Thu, 7 Dec 2000 15:33:38 -0700 (MST)
From: "David G. Andersen" <dga@pobox.com>
To: petef@databits.net (Pete Fritchman)
Cc: dga@pobox.com (David G. Andersen), root@battery.yi.org (Brad Mace), freebsd-security@FreeBSD.ORG
Subject: Re: mrtg through firewall
Message-ID: <200012072233.PAA10695@faith.cs.utah.edu>
In-Reply-To: <20001207163518.A3794@databits.net> from "Pete Fritchman" at Dec 07, 2000 04:35:18 PM

Um. How does this differ from "allow UDP from the snmp back to any
of your high UDP ports?" That's exactly what I said. MRTG will open
a random high UDP port and send data out to the remote SNMP port, from
which it will get replies...

   -Dave

Lo and behold, Pete Fritchman once said:
>
> No, you don't. You can allow any UDP with the source port of snmp to talk to
> your mrtg box.
>
> -pete
>
> ++ 06/12/00 22:05 -0700 - David G. Andersen:
> >Not really. You're going to basically have to allow UDP from the snmp
> >port back to any of your high UDP ports, but you can at least limit it to
> >that. You'll still be able to block most of the reserved UDP ports.
> >
> >Similar problems exist with many DNS resolvers, so it likely won't be a
> >big change for your firewall rules.
> >
> >   -Dave
> >
> >Lo and behold, Brad Mace once said:
> >>
> >> I've been trying to set up my firewall rules to allow mrtg to run. It
> >> seems to use different udp ports each time. Is there a way I can allow it
> >> without allowing all udp packets?
> >>
> >>
> >>
> >> To Unsubscribe: send mail to majordomo@FreeBSD.org
> >> with "unsubscribe freebsd-security" in the body of the message
> >>
> >
> >
> >--
> >work: dga@lcs.mit.edu                          me: dga@pobox.com
> >      MIT Laboratory for Computer Science      http://www.angio.net/
> >
> >
> --
> Pete Fritchman <petef@databits.net>
> Databits Network Services, Inc
> http://www.databits.net
> finger: petef@analog.databits.net
>
>
>

--
work: dga@lcs.mit.edu                          me: dga@pobox.com
      MIT Laboratory for Computer Science      http://www.angio.net/
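The two inbound rules worded in this thread, modelled as stateless packet filters and run over a few packets. This is an added example, not code from any poster or from MRTG. The addresses and packets are constructed, and "high UDP ports" is assumed to mean 1024-65535.

```python
from dataclasses import dataclass

SNMP_PORT = 161
MRTG_HOST = "192.0.2.10"      # constructed address for the MRTG box
DEVICE = "198.51.100.7"       # constructed address for a polled SNMP device


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """Stateless inbound allow rule: match on protocol, source port, destination."""
    sport: int
    dst: str
    dports: range

    def allows(self, p: Packet) -> bool:
        return (p.proto == "udp" and p.sport == self.sport
                and p.dst == self.dst and p.dport in self.dports)


# "allow UDP from the snmp port back to any of your high UDP ports"
# Assumption: high ports are 1024-65535, i.e. everything above the reserved range.
HIGH_PORTS_RULE = Rule(SNMP_PORT, MRTG_HOST, range(1024, 65536))
# "allow any UDP with the source port of snmp to talk to your mrtg box"
ANY_PORT_RULE = Rule(SNMP_PORT, MRTG_HOST, range(0, 65536))

# Constructed inbound packets.
SAMPLES = [
    Packet("udp", DEVICE, 161, MRTG_HOST, 40213),  # reply to a poll sent from a random high port
    Packet("udp", DEVICE, 161, MRTG_HOST, 1024),   # lowest high port
    Packet("udp", DEVICE, 161, MRTG_HOST, 514),    # reserved destination port
    Packet("udp", DEVICE, 53, MRTG_HOST, 40213),   # source port is not snmp
    Packet("tcp", DEVICE, 161, MRTG_HOST, 40213),  # not UDP
]


def verdicts(packets):
    """(high-ports rule, any-port rule) decision for each packet."""
    return [(HIGH_PORTS_RULE.allows(p), ANY_PORT_RULE.allows(p)) for p in packets]


def disagreements(packets):
    """Packets on which the two rules decide differently."""
    return [p for p in packets if HIGH_PORTS_RULE.allows(p) != ANY_PORT_RULE.allows(p)]
```

On these samples the rules agree on every reply to an MRTG poll and differ only for the packet addressed to a reserved destination port.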