[jadmin] iptables and Jabber
Norman Rasmussen
norman at rasmussen.co.za
Mon Mar 12 14:02:45 CDT 2007
On 3/12/07, Markus Meyer <markus.meyer at koeln.de> wrote:
> On [Mon, Mar 12 09:51], Norman Rasmussen wrote:
> >internet? (match on process name, or uid - use -m owner --uid-owner,
> >or --cmd-owner).
>
> Hmm, owner match is not supported and I can't fiddle around in kernel.
pity, worst case you could patch the s2s code to bind to a certain
source port (with opt_REUSE), and unfirewall connections from that
source port.
> >The alternative would be to write a stateful filter that detects DNS
> >SRV responses, and treats them as expected connections.
>
> Since this would be for me like the work Sisyphus has done, I think I'll
> set up a rule that allows traffic for ports 5260-5269. A quick view
> showed me that if SRV records are used the above are the used
> ports (mostly).
mostly yes,
> So thanks for all the answers and the destroyed hope that assigned ports
> are like a standard ;)
well, 5269 is the standard assigned port, but it's much easier (on
your IP allocations) to do load balancing on a single IP address (and
multiple ports), than assigning one IP per machine.
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
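
The "stateful filter that detects DNS SRV responses" idea from the thread, sketched as an added example that is not part of the original message or of any Jabber server's code. It only parses a DNS response and derives the (target, port) pairs an egress filter could treat as expected s2s connections; all function names are hypothetical, the example.org names and the sample packet are constructed, and a real filter would still have to resolve each target to addresses before matching packets.

```python
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers."""
    labels, after, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                    # 2-byte compression pointer
            after = off + 2 if after is None else after
            off = ((n & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:         # refuse pointer loops
                raise ValueError("compression loop")
        elif n == 0:                            # root label ends the name
            return ".".join(labels), (off + 1 if after is None else after)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def srv_targets(msg):
    """Return [(target, port, ttl)] for XMPP s2s SRV answers in a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:                      # QR bit clear: this is a query
        return []
    off = 12
    for _ in range(qd):                         # skip name + qtype + qclass
        off = read_name(msg, off)[1] + 4
    found = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 33 and owner.startswith("_xmpp-server._tcp."):
            port, = struct.unpack("!H", msg[off + 4:off + 6])  # after prio, weight
            found.append((read_name(msg, off + 6)[0], port, ttl))
        off += rdlen
    return found

def expectations(msg, now):
    """Map (target, port) -> expiry time; permit outbound s2s only to these."""
    return {(t, p): now + ttl for t, p, ttl in srv_targets(msg)}

def enc(name):                                  # sample builder: wire-format name
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def srv_rr(port, target):                       # sample builder: SRV answer record
    rd = struct.pack("!3H", 10, 0, port) + enc(target)
    return b"\xc0\x0c" + struct.pack("!HHIH", 33, 1, 300, len(rd)) + rd

SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)   # constructed response
          + enc("_xmpp-server._tcp.example.org") + struct.pack("!HH", 33, 1)
          + srv_rr(5269, "xmpp1.example.org") + srv_rr(5262, "xmpp2.example.org"))
```

Expiring each entry at the record's TTL keeps the allowed set tied to what the resolver actually returned, instead of leaving a whole port range open.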